30 April 21, 09:47
Quote:Ransomware has reached crisis levels across business sectors and across the globe, but a public-private Ransomware Task Force aims to stem the tide of attacks by disrupting the crooks’ business model.
The Institute for Security and Technology (IST) put together the coalition, which includes more than 60 members from software companies, government agencies, cybersecurity vendors, financial services companies, nonprofits and academic institutions. Big names associated with the project include the U.S. Department of Justice, Europol and the U.K.’s National Cybersecurity Centre (NCSC); along with Amazon, Cisco, FireEye and Microsoft, et al.
The group issued an ambitious framework for addressing the threat this week, in the form of a tome that clocks in at a whopping 81 pages. It was delivered to the Biden Administration and is chock-full of ambitious “to-dos,” such as setting up a reporting framework, managing the ransom negotiation-and-payment process, seizing gangs’ crypto-wallets and infrastructure, and going after cryptocurrency exchanges that fail to implement anti-money laundering measures.
In all, it details what RTF considers to be “a full, comprehensive strategy to stem the ransomware tide – ranging from dealing with the complexities of the ransomware epidemic, to the role of cyber-insurance, cryptocurrency and safe havens for threat actors,” according to Team Cymru, one of the cybersecurity firms signed onto the project.
The effort comes as ransomware has become one of the most frequent and disruptive types of cyberattack. For instance, the NCSC found in its 2020 Annual Review that it handled more than three times as many incidents than the previous year.
Mimecast’s 2021 “The State of Email Security Report” found that 61 percent of respondents in a survey indicated they had been impacted by ransomware in 2020, which is a 20 percent increase year-over-year. Companies impacted by ransomware lost an average of six working days to system downtime, with 37 percent saying downtime lasted one week or more.
And, as detailed in Threatpost’s recent eBook on the subject, attackers are increasingly evolving, adding new tactics, gaining in sophistication, stealing sensitive data, and building a thriving underground economy that involves multiple stakeholders and types of partners (initial access brokers and affiliates, for example). They’re also demanding ever-larger ransoms.
These gangs also have few (if any) scruples. “During the COVID-19 pandemic, attackers took advantage of the crisis in their selection of targets, which included hospitals in the U.S. and Europe,” the NCSC pointed out, in a blog posting. “Here in the U.K., we saw a spike in ransomware attacks affecting the education sector at a time when institutions were working hard to manage online learning, admissions and testing procedures.”
Read more: DoJ Task Force: Taking Down the Ransomware Economy | Threatpost