Illustration by Security Management

Taskforce Issues Recommendations to Combat Rise of Ransomware

A task force recommended a series of actions to mitigate the threat of ransomware, including requiring cryptocurrencies to adopt anti-money laundering regulatory requirements.

Ransomware has evolved into a “serious national security and public health and safety threat, and it’s only going to continue to worsen—putting lives and critical infrastructure at risk,” said Philip Reiner, CEO of the Institute for Security and Technology, in a panel discussion unveiling the recommendations. “This is an international challenge at its core.”

In the United States alone, ransomware has impacted nearly 2,400 state, local, and tribal government entities, as well as hospitals and municipal infrastructure, according to U.S. Department of Homeland Security (DHS) Secretary Alejandro Mayorkas, who spoke at the unveiling. Mayorkas added that it takes an average of 287 days for an organization to recover from a ransomware attack, and that victims paid an estimated $350 million in ransoms in 2020—a 311 percent increase from 2019 payments.

The Ransomware Task Force, created in December 2020 and supported by the Institute for Security and Technology, issued its first report, Combating Ransomware: A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force, on Thursday. The framework is organized around four goals: deterring ransomware attacks through nationally and internationally coordinated strategy; disrupting the ransomware business model to reduce criminal profits; helping organizations prepare for ransomware attacks; and responding to ransomware attacks more effectively.

To accomplish these goals, the taskforce—made up of private and public sector representatives—recommended 48 action items such as establishing an operationally focused U.S. government Joint Ransomware Task Force and a private sector Ransomware Threat Focus Hub. Other recommendations included creating reporting requirements for organizations that pay ransoms and implementing regulatory changes to cryptocurrencies to reduce their use for ransom payments.

Adopting and implementing all the recommendations will be key to addressing the threat of ransomware, as will leadership from the White House, the private sector, and international leaders, said John Davis, vice president of public sector for Palo Alto Networks and a co-chair of the taskforce working group.

“This effort and recommendations must be embraced from the very top,” Davis added. “Without that leadership we will only nibble around the edges of this growing problem.”

Particularly intriguing were the taskforce’s recommendations around implementing regulatory requirements for cryptocurrencies, which are increasingly used—especially Bitcoin—to facilitate ransom payments.

Bitcoin is particularly attractive for criminals engaged in ransomware schemes because it’s “a bit more liquid than the other cryptocurrencies” which may rely on privacy coins, said Kemba Walden, assistant general counsel for the digital crimes unit at Microsoft, also a co-chair of the taskforce.

Walden said that in conversations with cryptocurrency exchanges, the taskforce found that the exchanges do not want illicit activity on their platforms and that there are ways they can collaborate to reduce that activity. Examples include implementing know-your-customer requirements and requiring cryptocurrency exchanges, kiosks, and over-the-counter trading desks to comply with anti-money laundering laws and laws that combat the financing of terrorism.

“Traditional financial institutions that fund these entities should also impose stricter rules,” the taskforce report said. “They should pursue SEC enforcement of cryptocurrency businesses that fail to register as broker-dealers, transfer agents, clearing agencies, and money service businesses (MSBs), with particular focus on mixing services that obfuscate criminal transactions with legal traffic.”

The taskforce’s report shows a change in mindset that is necessary for tackling the problem of ransomware, said Chris Painter, president of the Global Forum on Cyber Expertise Foundation and task force working group co-chair.

Instead, Painter said ransomware needs to be addressed in the same way governments are addressing nation state cyber threats—with high-level action plans from international organizations like the Group of Seven that signal it’s a priority because it is incredibly disruptive and expensive for organizations to address.

Painter added that there also needs to be recognition that addressing ransomware means dealing with countries that may be turning a blind eye to it or sheltering those behind the attacks.

“For that, we have to employ more coercive methods—with our allies and our partners—using financial sanctions and other tools we have in the tool kit,” Painter said. “We have to make it part of our relationship with those countries and apply consistent pressure.”

The task force’s recommendations have been praised in some sectors, but others say they do little to immediately address the issue of ransomware and the plight of victims today.

“Earlier this week, the ransomware gang Babuk threatened to leak 250 gigabytes of data stolen from the Washington Metropolitan Police Department—including information that could endanger police informants,” WIRED reports. “No amount of recommendations will defuse that situation or the countless others that play out daily around the world.”