Ransomware is a significant societal problem. If you’re unaware of how it works, read our previous blog on the topic. 2020 was a banner year for ransomware gangs, as analysts estimate they brought in approximately $350 million, with the average payment exceeding $315,000[1]. It’s gotten so concerning that 60+ government agencies and industry leaders formed a task force to tackle the situation.
Key members include the United States Department of Justice, the FBI, the Department of Homeland Security, Europol, Microsoft, Amazon, Cisco, and more. They recently published an 81-page document that discusses the issue and creates a framework for dealing with ransomware[2]. Lucky for you, we read it, so you don’t have to. Here’s the easily digestible summary.
Definition of ransomware
The first quarter or so of the report focuses on defining ransomware and the tactics threat actors use. These are covered in our previous blog if you’re interested. To summarize quickly, ransomware is a type of malware malicious agents install on high-priority computer systems, typically governmental organizations or successful businesses.
Once they infect these networks, the malware moves throughout them and encrypts or exfiltrates the files it finds. A ransom is given that the organizations must pay to decrypt their data or prevent the hackers from leaking it on the internet.
Some rather nasty gangs require double ransoms, one for decryption, the other for not leaking the information. It’s known as double-extortion and is becoming a popular tactic. Now, onto the proposed framework.
The framework for fighting ransomware
We should note that this document’s crux lies in the need for international cooperation for its implementation. Although the United States suffers the majority of ransomware attacks, it is a global problem. The perpetrators come from many different countries such as Russia, Iran, and North Korea, which have zero incentive to stop. This means the rest of the global community needs to agree to the framework for it to work.
Goal 1: Deter
The first goal of the framework is to prevent as many ransomware infections as possible. The document outlines various steps the world must take to do so:
Establish an international ransomware coalition. Governments and corporations around the world have to come together. The document suggests that leaders must communicate regularly about the threats to keep the global community informed about new groups and malware variants. It outlines that nations should create “investigation hub” networks for data sharing and analysis.
The U.S. Government should prioritize ransomware policy. The task force wants the United States, in particular, to get tough on ransomware. It proposes the intelligence community designate it as a formal national security threat and for the DoJ to prosecute ransomware cases more aggressively. Furthermore, it wants the U.S. to levy sanctions against countries that harbor ransomware gangs to increase pressure for cooperation.
Goal 2: Disrupt
The second objective is to disrupt the current business of ransomware gangs and make it a less profitable endeavor. The task force recommends:
Crack down on cryptocurrency markets. Ransomware groups force victims to pay nearly all ransom payments in cryptocurrency. They do this because cryptocurrencies are borderless and can be challenging to track. There are anonymous exchanges, privacy coins, and techniques to exchange the assets from cryptocurrency to cryptocurrency to obfuscate the origins. The report suggests governments provide more of a regulatory framework to this market. It wants exchanges to follow current anti-money laundering laws to which other financial institutions must adhere.
Create an insurance company consortium. Insurance companies do offer protective plans against ransomware. The task force would like to see collaboration and data sharing between these organizations. It claims this could reduce payments to sanctioned or terrorist bodies since they could use the mass amount of information to get a clearer picture of the groups demanding the ransoms.
Target infrastructure used by criminals. Ransomware campaigns require significant computer infrastructure. The report proposes international cooperation that targets these systems and brings them down.
Goal 3: Help
Unfortunately, many organizations aren’t well prepared for ransomware attacks. The fact is that most organizations over a certain size will be targeted sooner than later. The task force recognizes this and wants to provide these organizations with more information and better toolsets to deal with attacks. It advises:
Create and highlight complementary materials for the framework’s adoption. There are a significant amount of readily available materials about ransomware prevention and mitigation. The task force wants to promote these existing materials and create new ones to fill in any information gaps. The new materials should be geared toward organizational leaders and include specific implementation procedures.
Require government agencies to follow guidelines and incentivize private businesses. The task force wants to include ransomware-specific guidelines in existing cyber-hygiene standards and require government agencies to follow them. Furthermore, it supports creating more grants while alleviating fines and taxes for private companies that follow the framework. This would make a strong incentive for everyone to be on board.
Goal 4: Respond
Organizations need a more effective response after a ransomware infection. This goal aims to aid businesses and agencies after an incident. The task force recommends:
Increased support for victims. Ransomware is destructive and could be incredibly dangerous if it affected critical infrastructure or health-based organizations such as hospitals. The task force wants to set up a relief fund that would help funnel resources quickly if such a situation ever occurs.
Encouragement to report ransomware. Ransomware attacks are embarrassing for companies, and many don’t even report them. This stops the flow of information and hinders future efforts to predict and prevent attacks. The task force feels proper encouragement and education materials are crucial to getting an accurate, holistic picture of the insidious malware.
Educate organizations about payment alternatives. The truth is, if organizations stopped paying the ransoms, the income would dry up for ransomware gangs, and it would no longer be a worthwhile endeavor. This is easier said than done, as some data is very sensitive and perhaps not backed up offline. Still, the task force urges companies to look at the alternatives to paying whenever possible.
Potential roadblocks
These all sound like good suggestions and would actually go a long way in fighting ransomware if implemented adequately. However, there are some weaknesses to consider:
Privacy concerns. If the world at large enacts this framework, governments and businesses will share a lot of data. As with most scenarios regarding Big Data collection, this has a good chance of going awry from a privacy standpoint. Is it worth it? A detailed cost-benefit analysis would have to be done, but AXEL believes the possibility of abuse is too great as-is. The fact is, even if governments gave privacy guarantees, they don’t mean much.
Inefficient bureaucracy. The task force recommends multiple new governmental and private-public partnership organizations created to combat ransomware. It’s admirable to put so much thought into methods to take on the problem, but additional levels of bureaucracy may prove (as they typically do) to be inefficient.
Data security
AXEL believes that basic education about cybersecurity best practices for all members of an organization is the best way to prevent ransomware infections currently. While all systems have technical weaknesses, the biggest weakness tends to be the human factor. Teaching employees to be vigilant about ransomware and understand the risks entirely is effective.
Another part of the equation is data security. Are you storing and sharing data securely? If not, or you aren’t sure, you should try AXEL Go. AXEL Go utilizes multiple layers of security to protect data from malicious agents. You can read more about our use of technology and download the app to try for yourself at AXELGo.app. Sign up today and receive a free 14-day trial of our Premium service.
[1] “Ransomware Skyrocketed in 2020, But There May Be Fewer Culprits Than You Think”, ChainAnalysis.com, Jan. 26, 2021, https://blog.chainalysis.com/reports/ransomware-ecosystem-crypto-crime-2021
[2] Ransomware Task Force, “Combatting Ransomware”, SecurityAndTechnology.org, April 2021, https://securityandtechnology.org/wp-content/uploads/2021/04/IST-Ransomware-Task-Force-Report.pdf