Ransomware is a modern-day offshoot of a crime that has plagued humanity for thousands of years: kidnapping for ransom. Cybercriminals simply replaced the theft of a human being with the theft of information. Both are precious, both are fragile and the destruction of either one will lead to the suffering of many. And to avoid such suffering, it is a long-proven fact that people will pay through the nose! The high probability of a payoff is the reason ransomware works.
Although ransomware has been around since at least 1989, the last few years have seen a real explosion in the problem. I have written several blogs about the growing problem of ransomware in the last year, and there is at least one group out there that is not only just as concerned about the problem as I am, they have done something about it.
The Ransomware Task Force (RTF) is an international group of more than 60 experts from organizations and disciplines that include governments, law enforcement agencies, computer security experts, researchers and academics that are backed by Microsoft, Amazon, the FBI and the UK’s National Crime Agency. Together, they have developed and recently released a considered and comprehensive framework for addressing the ransomware problem entitled Combating Ransomware. It is available for free download on the Internet.
One of the main posits of this group is that ransomware has moved past being a mere crime of financial extortion into the realm of a national security issue. Their reasoning behind this is that ransomware has “disproportionately impacted the healthcare industry during the COVID pandemic, and has shut down schools, hospitals, police stations, city governments, and U.S. military facilities. It is also a crime that funnels both private funds and tax dollars toward global criminal organizations.” I couldn’t agree more with this view, especially in light of the more modern practice of exposing the “kidnapped” and deciphered information of the victims on public websites, sometimes even after the ransom has been paid.
The framework begins with five high-level priority recommendations that include (paraphrased):
- Coordinating international diplomatic efforts to fight ransomware employing a comprehensive resourced strategy, including a carrot-and-stick approach to direct nation-states away from providing safe havens to ransomware criminals.
- The United States should lead the efforts by example. It should execute a sustained, whole-of-government, intelligence-driven anti-ransomware campaign coordinated by the White House.
- Governments should establish funds for fighting ransomware, and should require organizations to consider alternatives before making payments.
- There should be an internationally accepted framework to help organizations prepare for, respond to and recover from ransomware attacks.
- The cryptocurrency sector that enables ransomware crime should be more closely regulated.
Next, the framework dissects the ransomware problem, discussing history, threats/threat actors, impacts to society and business, cyber-insurance and ransomware, the role cryptocurrency plays in the ransomware problem and more. This information gives the reader a broad picture of ransomware and its effects around the globe.
Next, the comprehensive framework for action is detailed. This framework is based on four basic goals:
- Deter ransomware attacks.
- Disrupt the ransomware business model.
- Help organizations prepare.
- Respond to ransomware attacks more effectively.
These basic goals are then divided into a series of objectives and action items (a total of 48 of these). The RTF points out that these recommendations need to be wholly implemented to have any chance of being effective, and that the real challenge will come in the actual implementation of the framework. I agree with this assessment as well. Ransomware, indeed modern state-driven cybercrime in general, cannot be addressed piecemeal; we all must work together in a coordinated fashion if we are ever to effectively address these ever-worsening problems.