Can the ransomware task force stem the tide of attacks?
The growth in ransomware during the past 18 months has been well documented, but the very public nature of recent attacks has prompted governments to sit up and take action. Indeed, Acting Deputy Attorney General John Carlin recently remarked that ransomware isn't just an economic threat to the country, but also poses a significant risk to the safety and health of American citizens.
To try and ward off that threat, the Justice Department has formed a task force to help combat the proliferation of ransomware attacks.
“By any measure, 2020 was the worst year ever when it comes to ransomware and related extortion events,” Mr. Carlin, who previously ran the Justice Department’s national security division during the Obama administration, told The Wall Street Journal. “And if we don’t break the back of this cycle, a problem that’s already bad is going to get worse.”
Heads in the sand
While there is no smoking gun per se to link attacks like those on the Colonial Pipeline, which saw $4.4 million in ransom paid out, to the Russian government, the government nonetheless has a responsibility to deal with the criminals that are operating within the country.
That's the argument made by President Joe Biden recently, but it's an argument that is likely to fall on deaf ears, not least because the line between organized crime and the Russian government is so fuzzy.
At the very least, the Russian state is turning a blind eye to the criminal activities being undertaken in its country; at worst, it is actively supporting them.
This is a clear breach of international law, which states that governments have a responsibility to not knowingly allow international crime to be conducted within their borders, but the Kremlin has a habit of resisting such international norms. It's perhaps not surprising, therefore, that they've denied any involvement in the Colonial Pipeline attack and have instead placed the blame on the United States.
It’s in this context that the Institute for Security and Technology launched a task force, complete with members from the likes of Microsoft, Cisco, and Amazon, as well as the UK’s National Crime Agency, the FBI, and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, to try and better address the ransomware problem. A recent report from the group argues for a much more aggressive response to ransomware.
The paper calls for both the public and private sector to bolster their defenses, strengthen the kind of international laws and conventions that Russia so brazenly breaches, develop more effective response plans, and tighten up regulations of the cryptocurrencies that are so often used to pay the ransoms.
A separate task force has also been created by the US Department of Justice, with the Department of Homeland Security also announcing recently that it will beef up its efforts to fight ransomware. Neither of these agencies actually makes policy, however, and the US has historically struggled to initiate a coordinated response to ransomware.
A national security issue
With the Colonial Pipeline attack fresh in everyone’s minds, there is a growing appreciation that ransomware has become a national security issue. The report outlines a number of threats posed by ransomware, and the steps actors could take to minimize that risk, but a major problem is one of jurisdiction, with many ransomware attacks initiated in countries like Russia, which, as mentioned, seem to be taking a much more lackadaisical approach.
As is so often the case with task forces, however, the challenge will largely be one of converting well-meant and well-thought-through recommendations into coordinated action.
History is littered with examples of such bodies becoming effective talking shops but seldom really driving meaningful change.
Hopefully, however, by bringing together leading figures from the public and private sectors, the task force will avoid this fate.
One of the key recommendations from the report is the creation of a working group that will contain stakeholders from a number of agencies working under the auspices of the White House but featuring participants from the National Security Council, an industry ransomware threat center, and an internal government ransomware task force.
Given the inherent difficulties in tackling countries like Russia, it seems like the most effective approach, in the short term at least, will be to target the payment mechanisms used to solicit the ransoms. After all, if criminals can’t make money from the attacks then their motivation for initiating them will significantly reduce. It’s a solution that is by no means straightforward, however, especially when some victims, such as hospitals, may need to resolve any attacks as quickly as possible, and therefore paying up may be the best strategy for them to adopt.
“The decision of the US Department of Justice to form a Ransomware and Digital Extortion Task Force is a sobering reminder of the current cybercrime wave,” Chris Pogue, Head of Strategic Alliances at Nuix, told me.
“Without a clear strategy, the task force will simply remain a good idea and not a realized solution, especially since stopping external attacks completely is not a realistic objective.”
It remains to be seen whether the task force will effectively counter the growing ransomware threat, therefore, but it is at least a positive sign that the threat is being taken seriously enough to pull most major players together to discuss solutions.