Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.
In a 81-page report delivered to the Biden administration this week, top executives from Amazon, Cisco, FireEye, McAfee, Microsoft and dozens of other firms joined the U.S. Department of Justice (DOJ), Europol and the U.K. National Crime Agency in calling for an international coalition to combat ransomware criminals, and for a global network of ransomware investigation hubs. The Ransomware Task Force urged the White House to make finding, frustrating and apprehending ransomware crooks a priority within the U.S. intelligence community, and to designate the current scourge of digital extortion as a national security threat.
Cybersecurity experts weighed in on this latest news.
Anthony Pillitiere, Co-Founder and CTO at Horizon3.AI:
"This hits at the heart of the matter in cybersecurity...the economics of an attack. While I believe this is a great step, it's a bit late in the game. Criminals are already seeing that the "don't pay" message is starting to stick, as only 27% of victims are paying. As the money dries up, a new tactic of "breach-as-a-service" is growing in popularity. Criminals are taking a lesson from the gold rush - once the peak is hit, you can generate a longer term revenue stream from selling pickaxes to the laggards. The 2021 DBIR analysis shows that credential and brute force attacks are the source of 80% of breaches. Organizations need to focus on the fundamentals of security, which includes good IDAM hygiene, continuous assessment, and the adoption of a purple culture - using offensive actions to inform defensive actions and focus efforts on the issues most likely to impact business first."
Tyler Shields, CMO at JupiterOne:
"Targeting the financial side of the equation will help quite a bit. That model is really focused on what happens after the breach and once the target has been compromised. While there is a lot of value in frustrating criminals with money tracing and tracking and locking down the funds, a prevention strategy must also be employed. Making sure that potential targets of ransomware have visibility into their cyber universe - what exists, where it exists, and if it's properly secured goes a long way to making ransomware attacks more difficult. At the end of the day, nothing will completely stop these attacks and we can primarily hope to raise the bar of difficulty to an unmanageable level."
Douglas Murray, CEO at Valtix:
"The threat landscape is an ever evolving and critical matter for both the public and private sector. This is challenging because it requires cooperation across multiple companies in the private sector […many of which compete with each other], as well as various governments, to come together to solve. While incredibly complex, we have to get this right and in real-time as newer ransomware is detected anywhere around the globe. We need to protect our infrastructure, while upsetting the bad actors business model . This threat feed can be ingested by security services to allow government and enterprises to appropriately respond to these attacks. Urgency here is critical."
Dirk Schrader, Global Vice President, Security Research at New Net Technologies (NNT):
"It is time to have such an initiative in place. It was surely propelled by the recent developments with Emotet (which was used to drop various ransomware strains) and the takedown of web-shells, that the initiators of the task force do think they can make that move. It will be more a question of convincing lawmakers across the globe to actually join that coalition, to work out or improve their own country’s legal frameworks, so that ransomware gangs can effectively be prosecuted or at least the market structure is changed so much that they get frustrated and leave that business. That is by all means not a sprint. It will be interesting to see whether they can get a large number of nations to join that coalition. There is also a good chance that crypto-currencies will label this initiative as a bait to get regulations for their markets in place. The idea to ‘create a Ransomware Response Fund to support victims in refusing to make ransomware payments’ is astonishing at first sight. By instinct one would ask why, as the victim wasn’t able to secure their systems and network properly so they got caught. But that would reject the notion that there is no such thing as 100% security."