60-Member Ransomware Task Force Has a Plan to Crack Down on Ransomware Criminals

Illustration for article titled 60-Member Ransomware Task Force Has a Plan to Crack Down on Ransomware Criminals
Photo: Rob Engelaar / ANP / AFP (Getty Images)

A new, Big-Tech-backed coalition is lobbying the Biden administration to more aggressively pursue the threat of ransomware. In a report sent to the White House this week, members of the new group—simply called the Ransomware Task Force—have asked the president and the U.S. intelligence community to prioritize the disruption of cybercriminal networks involved in the ongoing malware attacks against U.S. targets.

Advertisement

The 80-page report envisions a comprehensive strategy that brings public and private sectors together to more effectively target the underworld business model that supports ransomware, focusing on specific policies to bring down the infrastructure, payment systems, and individual criminal groups behind many of these attacks.

Launched by a Silicon Valley think-tank called the Institute of Security and Technology, the RTF has a diverse membership of more than 60 entities—ranging from people connected to large firms like Amazon and Microsoft to prominent cybersecurity companies such as FireEye, CrowdStrike, BlueVoyant, McAfee, and others. The group also includes staff from federal agencies like the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the Department of Homeland Security.

While ransomware has been around for decades, the last few years have seen a precipitous swell in U.S.-based activity—with state and local governments, schools, and businesses all feeling the brunt of such attacks. Recent incidents—like the leaking of sensitive internal police documents, or the widespread targeting of hospitals during the pandemic—also illustrate the increasingly aggressive and dangerous tactics that criminal groups are willing to carry out in order to seek payouts.

“Ransomware is not just financial extortion; it is a crime that transcends business, government, academic, and geographic boundaries,” the report states. “It is also a crime that funnels both private funds and tax dollars toward global criminal organizations. The proceeds stolen from victims may be financing illicit activities ranging from human trafficking to the development and proliferation of weapons of mass destruction.”

One of the more ambitious goals outlined in the report is to more effectively track the financial transactions connected to cyberattacks. “Ransomware attacks are profitable because ransom payments are made through the use of diverse cryptocurrencies, where payments are difficult to trace and can easily be laundered,” the report states. “The challenge for governments is to find new ways to get inside the ransomware payments process. It will be important to set measurable goals to assess progress toward this objective.” The report suggests developing relationships with blockchain analytic companies that can chart and map illicit activity on crypto platforms.

Unfortunately, it’s not totally clear whether the goals outlined in the report are actually that feasible or whether they will be pursued by policymakers, but it’s nevertheless a good sign that businesses and government are at least thinking about all this. For far too long, the U.S. has lacked even a basic strategy for how to address ransomware—and criminals, responsible for terribly destructive extortions, have mostly gotten off scot-free, as a very slim list of successful convictions demonstrates. The RTF’s report comes at a time when other groups, both public and private, are trying to figure out that strategy (the U.S. Justice Department recently launched its own task force dedicated to the issue), likely because—as a large data leak from the Illinois Attorney’s General’s Office today shows—this problem is getting ridiculous.

Advertisement

Staff writer at Gizmodo

DISCUSSION

Maybe if employers also started making examples of people who are opening up the crap attachments? The behavior that enables this stuff is not being properly trained to prevent it — nor is bad computer habits being dealt with.

First, do thorough training. And do real testing/validation so people understand what is legit — not the BS testing we’ve all seen, like internal emails from security and then they ask why you opened it. “Well, it came from within the company and looked important.” If it came from within the company — and was fake — you have serious problems the average employee shouldn’t have to worry about.

Then, when you find some idiot opening unsafe attachments or downloading stuff they shouldn’t from outside the company deal with it in an appropriate manner. They infested their PC with something? It is a writeup for a first offense, and escalate from there — from the CEO on down. No exceptions. I don’t know how many times I’ve seen “Dave from Accounting” get reamed out for this — But “Bob the VP” repeatedly does it repeatedly with no consequence. And I’ve literally caught people in the same office watching Netflix and bogging down the network in an overseas location. The hourly employees were all canned. The executive — we caught him doing it three more times before we blocked his MAC address from the network and let him explain to upper management why he couldn’t work.

And if they do something that cripples the business — automatic suspension. At a minimum. Or fire their ass. And make sure people know “Bob the VP” opened up an email an attachment on an email for getting an “African’s dick size” and now we have a Ransomware problem, which is why Bob is gone. It will be a long time before someone else opens up random attachments again.