Ransomware Has Crossed Dangerous Threshold


“Ransomware is a national security threat,” claims the US Department of Homeland Security (DHS). Threat actors have figured out how to exploit US bureaucratic gaps and inefficiencies to circumvent mitigation and responses. Mitigation is further complicated because many of these threat actors operate in international safe havens. Such a threat requires a “whole-of-government” approach, including robust international cooperation.

2,400 US-based public-sector entities — from governments to hospitals and schools — were affected in 2020, with payments totaling $350 million, a 311 percent increase from 2019. In some cases, ransomware attacks on hospitals are alleged to have caused or contributed to patient deaths.

Combating Ransomware: A Comprehensive Framework for Action is a major report published by the Ransomware Task Force (RTF) and coordinated by the Institute for Security and Technology. The report is based on the work of people from 60 organizations across the public and private sectors in the US.

The report emphasizes the national security threats and risks of ransomware — from critical infrastructure and public health to the loss of data and privacy. Ransomware has traditionally been viewed as a cybercrime carried out primarily for profit, and while that’s still largely true, the evolution of these cyberattacks — specifically, the types of targets — is changing expert perceptions.

Ransomware entails threat actors encrypting victims’ data and then demanding a ransom to decrypt it. When executed properly, the encryption is mathematically impossible to crack. Without the proper safeguards in place in advance — such as comprehensive data backups — these attacks force victims into an “impossible choice”: pay criminals the ransom for the decryption key or face organizationally crippling consequences.

According to breakingdefense.com, the report proposes a framework to achieve four goals:

  • Deter ransomware attacks;
  • Disrupt the ransomware business model;
  • Help organizations prepare; and
  • Respond to ransomware attacks more effectively.

As part of the RTF’s proposed whole-of-government effort, the report recommends establishing several new entities, including:

  • An Interagency Working Group led by the National Security Council in coordination with the National Cyber Director;
  • An internal U.S. Government Joint Ransomware Task Force; and
  • A collaborative, private industry-led informal Ransomware Threat Focus Hub.

Raising ransomware to the level of the NSC and the newly created NCD signifies a major elevation in priority. These new entities will work independently and in coordination with each other, as well as with international partners.