- On Thursday a task force of 65 companies and agencies released an 80-page report on ransomware.
- The report makes recommendations for the Biden administration, companies, and law enforcement.
- Microsoft, Amazon, FireEye, and the FBI are among organizations involved in the three-month effort.
A massive new report from 65 organizations warns companies how to respond if they’re targeted by cybersecurity’s worst problem.
March video conference calls of the Ransomware Task Force — which includes members from 65 agencies, among them Microsoft, Amazon, FireEye, the FBI, and Europol — “could get pretty heated,” according to task force leader Philip Reiner.
The task force – which released an 80-page report with recommendations for the White House on Thursday – held frank working sessions several times a week for three months to hammer out tactics to rein in what may be cybersecurity’s worst problem right now. Last year, criminals paralyzed thousands of companies and organizations by locking up their computer networks and demanding a ransom.
“The conversations were robust with healthy arguments and debates,” said Reiner. He’s accustomed to calmly managing conflict: He served as former President Barack Obama’s top expert on Pakistan’s nuclear program (and would unwind after work by tending orchids). “We had over 60 folks involved across all different sectors. Everyone was earnestly focused on coming up with solutions.”
The task force is also delivering the report on Thursday to organizations in the United Kingdom, Canada, and the Netherlands. It paints a stark picture of ransomware’s multi-billion-dollar toll.
Thousands of businesses and roughly 2,400 schools, hospitals, and government offices were victims of ransomware in the US in 2020. The average attack took organizations offline for 21 days and recovery took 287 days on average, according to the report.
Meanwhile, the cost of ransoms continues to climb: Security firm Palo Alto Networks pegged the average ransom payout at $312,493 in 2020, a 171% jump from the year prior.
The task force is proposing a new White House-led working group focused on ransomware that would be housed under the National Security Council with private industry participation, as well as the creation of a fund to support victims of ransomware and clearer requirements for businesses to report ransom payments.
One of its most urgent goals is to stanch the flow of cash from hacked companies to ransomware operators. While the task force initially considered recommending a blanket ban on ransom payments, it ultimately focused instead on preventive measures given the fact that some businesses – like hospitals offering life-saving care – might not have the choice to withhold a payment.
“We’re trying to be realistic about the fact that an outright ban at this point in time is probably not feasible,” said Palo Alto Networks vice president John Davis, a retired US Army general and co-chair of the task force. “Our approach is designed to, uh, make it easier for fewer organizations to have to make that decision.”
Cryptocurrency is listed as a key vector for cybercriminals to secure ransoms, and the task force calls on governments to step up their efforts to monitor and regulate blockchain payments. Existing laws against money laundering, fraud, and financing terrorism should be enforced in the cryptocurrency space, the report argues.
The report places crosshairs on the Russian government, which the Biden administration accused of funding cybercriminals when it announced sanctions earlier this month. The ransomware task force encourages more “carrot and stick” diplomacy if evidence of state-sponsored ransomware continues to surface.
Top names in cybersecurity praise the task force’s work:
“They showed initiative and commitment and have delivered an actionable roadmap for helping us get through our current digital crisis,” said Christopher Krebs in a written statement to Insider. The nation’s former top cybersecurity official and an external advisor to the task force said, “I encourage the administration to take the recommendations on board and implement quickly, together with private industry.”
Charles Carmakal, whose team at FireEye Mandiant discovered the SolarWinds supply chain attacks, served on the task force and urged organizations to adopt its suggestions. “Multifaceted extortion and ransomware is the most prevalent cybersecurity threat to organizations today,” Carmakal said in a written statement to Insider.
Task force chair Reiner said Biden appears to be taking a more serious approach to the issue than his predecessor. “I would argue that Trump and his administration could have put a higher priority on this problem,” he told Insider. “All indications are that this administration is really upping the priority cybersecurity, and they’re backing that up with the right people.”
Reiner is the executive director of the Institute for Security and Technology, a nonpartisan, nonprofit national security think tank in the San Francisco Bay Area with funding from organizations including the Hewlett Foundation.