Ransomware eradication framework proposed by the U.S. Ransomware Task Force

Ransomware, a ‘complete crime’ of the Internet era, is spreading at a rapid rate. Some believe it grew by more than 150% in 2020, and there are no signs that it will slow in 2021. As larger and more vulnerable organizations, such as police, hospitals, local organizations, and schools, are targeted by ransomware attacks, the average ransom demanded has jumped 43% since the fourth quarter of 2020, reaching $22,298 in the first quarter of 2021.

Two factors drive ransomware. First, it is easy for cybercriminals to make money with ransomware. Second, law enforcement authorities are almost helpless against ransomware-type attacks, which has further fueled the ransomware market.

The Biden administration’s Justice Department recognized the worsening ransomware problem and launched the Ransomware Task Force. The task force is known to target the entire digital ecosystem that supports ransomware. It consists of the Department of Justice’s Criminal Department, the State Security Department, the Civil Department, the FBI, and the U.S. law enforcement office supporting up to 93 prosecutors across the United States.

A coalition of more than 60 volunteer experts from industry, judicial, insurance, and international fields proposed a comprehensive framework of countermeasures. The framework consists of 48 actions that governments and industry can take to break down the ransomware market.

The Ransomware Countermeasure Group, mainly organized by the Security Technology Research Institute, recently released a report titled .


Five Priority Practices for Ransomware Response

Among the 48 actions recommended by the Countermeasure Group, the following are defined as ‘priority’.

1. Ransomware must be fought actively, and as a priority, through international diplomatic and judicial cooperation. This requires a comprehensive, resourced strategy, including a carrot-and-stick approach that keeps countries from providing a safe haven for ransomware criminals.

2. The United States must take the lead in eradication, and consistently and actively carry out an intelligence-led campaign against ransomware organized by the White House. This campaign should include ▲ establishing a working group among relevant agencies, led by the National Security Council (NSC) in cooperation with the nascent national cyber officer ▲ establishing an internal US government joint ransomware countermeasure group ▲ establishing an informal, private-sector-led central cooperation hub for ransomware threats.

3. Governments should establish cyber response and recovery funds to support cyber security activities, such as countermeasures against ransomware. In addition, agencies and companies should be required to report ransom payments and to consider alternatives before paying a ransom.

4. An international effort should be undertaken to develop a clear, accessible, and widely adopted system that supports each company’s preparedness for and response to ransomware attacks. Incentives (penalty exemptions and funding) or regulations may be needed to increase adoption in areas that are highly important but under-resourced.

5. Regulation of the cryptocurrency sector, which enables ransomware crime, should be strengthened. Governments must enforce existing laws, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Combating Financing of Terrorism (CFT) laws.

According to the report of the Countermeasures Group, ransomware, unlike many other types of cybercrime, poses a unique threat to national security by endangering essential infrastructure and public health, threatening human life, diverting essential public resources, and disrupting schools at different levels.

The economic blow goes beyond the ransom cost and includes downtime and recovery time. This cost can be many times greater than the absolute amount of the ransom demanded.

Insurance companies also play a part in exacerbating the ransomware problem. By supporting institutions and businesses that have been attacked by ransomware, insurers can unintentionally encourage more attacks. The report of the Countermeasures Group therefore suggests ways the insurance industry can help strengthen defenses, such as tightening the basic security requirements for insurance subscriptions.


Prioritizing the relationship between ransomware and governments

The task force is particularly interested in the relationship between ransomware and governments. According to the report, several ransomware criminals operate without punishment because the governments of the countries they work from are unwilling or unable to prosecute this type of crime. In other cases, ransomware attackers are actually sponsored by the state.

Chris Painter, one of the co-chairs of the Ransomware Countermeasures Working Group, said in an interview with our journal, “We haven’t been able to focus on the ransomware issue as much as we want, both as a global community and as an American community. This leads to the same level of national threat as the recent SolarWinds hack.”

Painter pointed out that support activities are underway to cope with the influx of ransomware, but that they are not enough. “There have been many effective measures against ransomware and ransomware targets. Among them, the recent dismantling of Emotet is a declaration of ‘No More Ransom’ by the European Criminal Police Agency (Europol). It’s all good, but there is no common approach to this problem. We haven’t reached the level of bringing together all the tools we have nationally and internationally to eradicate ransomware first. If we don’t, the problem will only get worse,” he said.

The task force’s ultimate goal is to make it difficult for cybercriminals to make money from ransomware attacks as easily as they do now. “The way is to increase the cost of attacking ransomware actors,” Painter said. “It follows the cryptocurrency and their infrastructure, the way attackers make money. The Emotet activity was one of them. It strengthens the target so that ransomware actors don’t benefit as much as they used to.”


International cooperation makes ransomware less attractive

International cooperation is a key part of the countermeasure group’s work to make ransomware less attractive. “My role has two parts,” said Painter, who led the first cybersecurity secretariat under President Obama’s State Department. “One is to set up alliances with other countries to pursue ransomware actors. This work was carried out to some extent, such as dismantling Emotet. However, we need to expand this a bit further and have a strategic international way to prioritize the task of pursuing actors.”

According to Painter, the second part of solving the ransomware problem is to go after the safe havens where ransomware actors are protected by their own governments. “These safe havens fall into two categories,” Painter said. “One is a country that isn’t doing enough or is currently doing nothing. You should be able to work with these countries to do things like joint investigations and capacity building, and you should be able to encourage people to feel that this is important.”

“The more difficult part is how to deal with countries that are encouraging ransomware or aren’t interested in cooperation. Russia has always been difficult to deal with. In order to respond to attacks like SolarWinds, we need to increase pressure to counter Russia.” “You have to use all the tools you have. For example, you can do sanctions, but you can go beyond that,” he added.


Source: ITWorld Korea by www.itworld.co.kr.