A task force attached to the Institute for Security and Technology (IST) has released set of recommendations to combat the ransomware scourge currently hitting organizations around the world.
Titled Combating Ransomware – A Comprehensive Framework for Action, the document represents the work of a coalition of more than 60 experts from various industries, public and private, large and small, including software, government, cybersecurity, financial services, civil society, and education.
A total of 48 recommendations are included in the document, focused on four major goals: to deter ransomware attacks and disrupt this business model, and to help organizations better prepare for attacks and efficiently respond to them.
Ransomware, the document explains, has plagued the entire world, across industries, with little regard to human life: it resulted in hospitals and schools being shut down, and also affected the police, governments, and military facilities.
In 2020 alone, roughly 2400 government organizations, healthcare facilities, and schools fell victim to ransomware in the United States alone. More than $350 million are believed to have been paid in ransom throughout the year, but the actual cost of an attack is far greater than the ransom itself.
[ Related: Inside the Ransomware Economy ]
“It is also a crime that funnels both private funds and tax dollars toward global criminal organizations. The proceeds stolen from victims may be financing illicit activities ranging from human trafficking to the development and proliferation of weapons of mass destruction,” the task force said..
Thus, the RTF believes that the fight against ransomware requires an “all hands on deck” approach, where everyone is involved, from U.S. and international leaders to industry, lawmakers, and civil society.
“Countless people around the world are already working tirelessly to blunt the onslaught of ransomware attacks. But no single entity alone has the requisite resources, skills, capabilities, or authorities to significantly constrain this global criminal enterprise,” the task force added.
Thus, the RTF recommends that ransomware should become a priority for international diplomatic and law enforcement efforts; that the US should set an example through an aggressive anti-ransomware campaign; that cyber-response and recovery funds should be established by each government to support ransomware response; that a clear, accessible framework to help respond to ransomware attacks should be developed and adopted internationally; and that the crypto-currency sector, which enables ransomware crime, should be closely regulated.
“The ransomware threat continues to worsen daily. The actions detailed in this report need to be enacted together as soon as possible, and must be coordinated at a national and international level in order to have the necessary impact. Proposing this framework is merely the first step, and the real challenge is in implementation,” the group said.