Ransomware Task Force Forming

The damaging effects of ransomware hit $11.5 billion in 2019, and doubled in 2020 as new, more damaging strains of ransomware (Maze, Sodinokibi, Ryuk, Dharma) hit companies even harder. Older ransomware strains would simply encrypt company data (without exfiltrating the data) until the ransom was paid or backups restored. Now, ransomware copies company data out to Internet websites and storage locations while encrypting it. This prevents companies from restoring their data from backup and ignoring the ransom. Hackers threaten to publish their stolen data to the public Internet unless they are paid their ransom.

Taking Action

In December 2020, high-profile security vendors officially took action, teaming up with the Institute for Security and Technology (IST) to form a Ransomware Task Force (RTF). Some of the high-profile organizations included including McAfee, Microsoft, and Rapid7 along with cyber advocacy groups such as the Cyber Threat Alliance and the Global Cyber Alliance. The team plans to present actionable legal, technical, and policy ideas to the upcoming Biden administration by early spring. The CEO of IST, Philip Reiner, is optimistic about the team expanding its knowledge base more as word spreads, saying:

“We intend to work quickly. We’re looking to pool our resources and point out to people where they can get information about ransomware, plus have some clear ideas we can present in the form of new laws and funding required to combat ransomware.”

The experts who joined the task force felt it was critical for the industry to focus on ransomware with all of the developments made in the hacker-space in 2020. The RTF has put together what Sachin Bansal, general counsel of SecurityScorecard calls the ‘Avengers’ of cybersecurity to proactively combat ransomware, and they’re hoping other high-profile organizations join the fight. 

Now’s the time for the industry to officially work on the ransomware concern, especially as the attacks have only increased in recent years. Resilience COO and RTF board member Michael McNerney said, 

“Our idea in developing the task force was that it was bigger than any one company or group. It also got to the point this past fall where hospitals were getting attacked with ransomware, so the threat to the public has increased. There have also been many state and local governments that have been hit with ransomware.”

Conclusion

Work has been done in the past in an attempt to combat ransomware, but the task force’s main goal is to reduce the impacts of these newer ransomware attacks. Helping companies avoid ransomware altogether is the main priority of this working group. While the RTF does it’s great work in the cyber-space, there are actions you and your business must take to improve your security and reduce the likelihood of falling victim to ransomware attacks: 

• adopt two-factor authentication to prevent a password breach of your business’s VPN, email services, and any other critical service that is directly Internet accessible;
• regularly backup data following the 3-2-1 backup method for backing up all your critical and sensitive data;
• train employees on how to spot and avoid phishing attacks – the primary way ransomware attacks occur;
• test employees on their training to validate they can spot and delete rather than click and succumb to a ransomware attack; and
• have a documented and tested Business Continuity and Disaster Recovery (BCDR) plan.

There are many other protective measures that go into a robust cybersecurity program including performing a risk assessment, building a risk management framework, and various technical protections.  Learn all about these and start building your robust defense-in-depth cybersecurity plan at CyberHoot.

Sources: 

Dark Reading

Ransomware – Cybrary Term

Additional Readings:

GandCrab Ransomware

Garmin Ransomware Attack

Maze Ransomware