Ransomware Task Force publishes new framework

The recently established international anti-cyber-crime coalition the Ransomware Task Force (RTF) has published a series of nearly 50 recommendations in a major bid to combat cyber threats.

The RTF is a US-led team convened in early 2021 with participants from governments, software firms, cyber security vendors, non-profit and academic institutions from across the world.

Members include Microsoft, Amazon, the FBI and the UK’s National Crime Agency.

The aim of the RTF is to develop a robust plan to tackle the global ransomware threat, through deterring and disrupting the actors while helping ensure organisations are equipped to prepare and respond.

This week the team launched its final report, directed primarily at the US government, which includes a framework of actions that together have the potential to reduce the harm from ransomware attacks globally.

RTF researchers confirmed hundreds of major attacks took place around the world last year, including in the UK, Brazil, Germany, South Africa, India, Saudi Arabia and Australia.

The RTF is now recommending that governments make it mandatory for victims to report if they do pay criminals when it comes to ransomware demands.

The RTF also suggested that the disruption that ransomware demands causes means that ransomware is no longer a cyber security issue for organisations; as the Task Force’s report notes, it has become a national security risk that has the potential to impact public safety, particularly when hospitals and other critical national infrastructure are targeted.

It also added that since there is little an organisation can do once the ransomware hits, preparation is essential.

Commenting on the publication of the framework, the UK’s National Cyber Security Centre said:

“Ransomware has become one of the most frequent and disruptive types of incident that the NCSC deal with. In our 2020 Annual Review, we noted that we’d handled more than three times as many incidents than the previous year. Attackers are increasingly raising the stakes by threatening to leak stolen data publicly victims are reluctant to pay the ransom. We’ve also seen attackers grow more sophisticated, sitting on a network over time and looking round for the most high-value data to encrypt, as well as any online backups to obstruct recovery.”

“During the COVID-19 pandemic, attackers took advantage of the crisis in their selection of targets, which included hospitals in the US and Europe. Here in the UK we saw a spike in ransomware attacks affecting the education sector at a time when institutions were working hard to manage online learning, admissions and testing procedures. We have strengthened our engagement in these sectors in the last year to boost their defences and threat detection capabilities. This includes the NCSC’s Early Warning service, sharing of malicious indicators and active cyber defence measures.”