Coalition unveils plan to help government, industry confront ransomware attacks

A coalition of experts on Thursday unveiled a road map for the federal government and industry to potentially use in combating ransomware attacks, which have spiked over the past year as hackers targeted organizations including hospitals and schools. 

The report, created by the Institute for Security and Technology’s Ransomware Task Force, describes ransomware attacks as an “urgent national security risk,” and lays out 48 steps to take to immediately work across the public and private sector to confront the threat.

“Tackling ransomware will not be easy; there is no silver bullet for solving this challenge,” task force members wrote. “This global challenge demands an ‘all hands on deck’ approach, with support from the highest levels of government.”

The report serves as one of the first major efforts to present the federal government and industry leaders with a plan to combat ransomware attacks, which have increased massively during the COVID-19 pandemic. 

According to data cited in the report, nearly 2,400 U.S. organizations were victimized by ransomware in 2020, including nearly 1,700 U.S. schools, colleges and universities, and 560 health care facilities, delaying and endangering patient treatment. Additionally, ransomware victims paid close to $350 million worth of cryptocurrency in 2020 to unlock their systems, an increase of more than 300 percent from 2019.

“Ransomware, it puts peoples’ lives at risk,” Philip Reiner, the CEO of the Institute for Security and Technology, told The Hill earlier this week. “We are talking about the statistical reality which is when you attack a hospital and take it offline for weeks at a time, you are very much contributing to increased risk of severe physical damage and loss of life.”

The recommendations laid out in the report center on the need for the U.S. to work with international governments and law enforcement to create a coordinated strategy to confront ransomware attacks, and urge the White House to coordinate an “anti-ransomware campaign.” 

Concerns around cryptocurrency were also highlighted, with the task force recommending more regulation of the sector, and a focus on disrupting the ransomware business model for cyber criminals. 

Leaders from major cybersecurity and tech groups were involved in crafting the report, including representatives from FireEye, Microsoft, McAfee and Crowdstrike, alongside officials from the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Secret Service. Officials from the United Kingdom and Canada were also involved. 

“We wanted to make sure that this was a public-private conversation, so CISA was involved from the beginning, the FBI was involved from the beginning,” Reiner said. “We are really going to be pushing for this to be a higher-level, coordinated, whole of government effort.”

The report’s rollout follows on the heels of a concerted effort by the Biden administration to confront ransomware attacks. 

Homeland Security Secretary Alejandro Mayorkas described the wave of ransomware attacks during a speech in February as an “epidemic,” and announced in March that combating ransomware would be the first of several cyber-focused 60-day sprints undertaken by the agency. 

Mayorkas will give a keynote address Thursday afternoon as part of an event hosted by the Institute for Security and Technology to roll out the report. 

Additionally, the Department of Justice last week established a Ransomware and Digital Extortion Task Force to further concentrate agency efforts to investigate and prosecute cyber criminals behind ransomware attacks. 

Assistant Attorney General for National Security John Demers on Wednesday told reporters during a virtual event hosted by George Washington University that the Justice Department had seen “a very significant increase in ransomware attacks” from both cybercriminals and nation states. 

“The idea is we all have a problem, it’s a problem that has been getting worse, which is ransomware,” Demers said. “We need to be working as a department and as an agency on this issue.”

Capitol Hill has also increasingly taken notice of the threat of ransomware. The House Homeland Security Committee’s cybersecurity subcommittee is scheduled to hold a hearing on May 5 to explore policy solutions to ransomware attacks. 

Reiner told The Hill that members of the task force could be involved in the hearing, and that there were conversations ongoing about potential legislation stemming from the strategy with members of Congress.

“The most important thing about this report is that the report itself is the beginning, and the most important thing is what happens hereafter, and that these steps are actually taken,” Reiner said. “If this isn’t gotten after by both the executive branch and legislative branch with a greater level of focus and resources, then it is not going to shift, it is just going to get worse.”