Ransomware Task Force aims to disrupt ransomware payments globally

The new coalition aims for a unified, comprehensive, public-private campaign against ransomware groups

The Ransomware Task Force, an alliance of some of the world's top tech firm and government agencies, has released a new framework that aims to disrupt ransomware groups by going after their financial operations and limiting their ability to get paid.

The Institute for Science and Technology (IST) announced the RTF in December last year, stating that it would include more than 60 members from technology and software firms, government agencies, financial services and cyber security firms, and academic institutions, among others.

Names that have agreed to participate in the project include the UK's National Cybersecurity Centre and National Crime Agency, USA's Department of Justice, Cybersecurity and Infrastructure Security Agency and FBI, as well as Europol, Microsoft, Amazon and Cisco.

The new framework calls for a unified, comprehensive, public-private campaign against ransomware gangs.

The IST says ransomware is one of the most widespread cyber security threats in society, posing a significant risk to national security and global public health. It believes that, in the absence of a global coordinated response, ransomware attacks will continue to grow in severity and size.

'These recommendations are informed by a deep bench of experts and are immediately actionable, together forming a framework to reduce this criminal enterprise,' the group says.

Philip Reiner, chief executive of the IST and executive director of the RTF, noted that the cost of ransoms paid has nearly doubled in the past 12 months, creating new risks - many of which go far beyond financial damages.

Modern ransomware attacks disturb critical infrastructure, delay lifesaving medical treatment, and threaten national security.

The 81-page report, which the IST delivered to the Biden administration this week, urges the President to make finding and apprehending ransomware operators a priority for the US intelligence community.

The proposed solutions are grouped under four main themes: Deter, Disrupt, Prepare and Respond.

It suggests dissuading organisations from paying ransoms to cyber criminals; hitting payment systems threat actors use to collect ransoms; and putting international pressure on countries that serve as safe havens for ransomware operators.

It also proposes a NIST-type framework for ransomware, to help guide victims from prevention through response.

The effort comes as ransomware has become one of the most disruptive types of cyber attacks in the world.

More than half of the organisations that suffered a cyber-intrusion incident in 2020 were actually hit with a ransomware attack, the CrowdStrike Services Cyber Front Lines Report said in December last year.

In 2019, British firms were hit by nearly 5,000 ransomware attacks through the course of the year, forcing them to pay out nearly £210 million in ransoms to cyber criminals. The UK came sixth in the list of countries paying out ransoms, with the US on the top (paying $1.3 billion to hackers).