Multi-Sector Ransomware Task Force Debuts
January 8, 2021
Institute for Security and Technology (IST) — in partnership with a broad
coalition of experts in industry, government, law enforcement, nonprofits,
cybersecurity insurance, and international organizations — is launching a new
Ransomware Task Force (RTF) to tackle this increasingly prevalent and
destructive type of cybercrime. The RTF’s founding members understand that
ransomware is too large of a threat for any one entity to address, and have come
together to provide clear recommendations for both public and private action
that will significantly reduce the threat posed by this criminal enterprise.
Ransomware incidents have been growing unchecked, and this economically
destructive cybercrime has increasingly led to dangerous, physical consequences.
Hospitals, school districts, city governments, and others have found their
networks held hostage by malicious actors seeking payouts. This crime transcends
sectors and requires bringing all affected stakeholders to the table to
synthesize a clear framework of actionable solutions, which is why IST and our
coalition of partners are launching this Task Force for a two-to-three month
The RTF will assess existing solutions at varying levels of the ransomware kill
chain, identify gaps in solution application, and create a roadmap of concrete
objectives and actionable milestones for high-level decision-makers. To
contribute to the final roadmap, the RTF will commission expert papers and
engage stakeholders across industries to coalesce around vetted solutions.
Stéphane Duguin, Chief Executive Officer of the
CyberPeace Institute said, "The ransomware
criminal model is a profound and systemic threat to cyberpeace. Since 1989,
continuous criminal innovation has been in its DNA. Any response should address
its evolution in reach, scale, anonymity and accountability.
Reach: Ransomware, from widespread campaigns to precise sophisticated
attacks, targets everyone. The only discriminative factor is whether or not the
criminal group can generate profit. The old ransomware model has evolved beyond
simple extortion. Ransomware groups are now adding pressure by threatening
publication of data should victims not pay. This double extortion scheme evolved
recently into triple extortion: criminals are now going against people,
threatening to leak their personal information on the internet.
Scale: Ransomware has evolved into a collaborative criminal model,
facilitating the process of deploying ransomware attacks for non-technical
cybercriminals. This is known as Ransomware-as-a-Service and it augments the
size of the threat in an unprecedented way.
Anonymity: With ransomware, criminals are obfuscating the criminal
kill-chain, from abusing encryption to hide footprints to benefiting from
anonymous international money laundering schemes.
Accountability: The criminal groups profit from the reluctance of
victims to denounce attacks. They also benefit from the incapacity of states to
adapt their prosecution and international cooperation capabilities to the level
of the threat. Finally, they make use of state-led research and development
which is weaponized against civilian populations when it escapes government
These developments cannot be addressed by one entity alone. This is why the
CyberPeace Institute is joining the Ransomware Task Force, where it seeks to
provide its expertise, especially in the field of attacks against healthcare.
The Task Force is a multi-stakeholder project which will act as a force
multiplier to existing initiatives and scale up partnerships against ransomware.
Criminals have been cooperating for long in cyberspace, it is time for the
international community to step up. It takes a coalition to protect a network."