Key recommendations for combating ransonware

May 14, 2021

The recent cyberattack on the major US oil and gas pipeline could become one of the most costly attacks on an economy. It is also the latest reminder of the increased frequency and severity of ransomware attacks.

Most senior cybersecurity leaders see ransomware as a growing and dangerous threat that is putting even physical security at risk. The cost is financial and human. Unless cybersecurity practices are incorporated into corporate or organizational culture and the lifecycle of digital products, we are likely to see even more frequent attacks.

Criminal organizations are using ransomware to exploit vulnerabilities during the pandemic, for example. The average ransom paid by victimized organizations has more than doubled in the COVID-19 era, reaching $312,493 last year, according to the “2021 Unit 42 Ransomware Threat Report“. These numbers tell only part of the economic story, as the cost of downtime and system recovery often eclipses the ransom payment. And the human toll is even more terrible. Ransomware prevents hospitals, educational institutions, and governments from functioning effectively or sometimes shuts them down completely for days or weeks.

During a ransomware attack, IT administrators often struggle to recover data and restore operations while employees are idle. Meanwhile, senior leaders engage in intense internal deliberations, debating whether to pay the ransom or resist through the remediation process. So the best thing is to invest in technology that helps avoid it. In particular, technologies that help monitor the network.

You can find solutions that can help customers faster, catch errors before they occur and have the opportunity to eliminate those problems before users even discover them. With all ports on the switches monitored, for example, it is possible to know where there is often high bandwidth consumption and where there is not. And thereby detect problems.

More than 65 software companies, cybersecurity vendors, U.S. and European government agencies, nonprofits, and academic institutions have joined forces to address this insidious threat. Under the nickname, the Ransomware Task Force (RTF), this group of industry leaders developed a clear and structured set of recommendations that, if resourced and implemented, could rapidly reduce the impact of ransomware on society.

The Task Force’s recommendations, published in a recent report titled “Combating Ransomware: A Comprehensive Framework for Action“, outline actions that governments, businesses, and nonprofits can take to stop ransomware criminals and disrupt their business model. While the report directs many of its recommendations to the US government due to the strong connections of task force members there, the report also calls on other national governments and industries to work together as part of a global collaborative effort to stem the tide of these attacks.

The primary goal of these actions is to deter ransomware criminals; help organizations prepare and defend against attacks; undermine the practices that make ransomware so profitable; and respond to ransomware attacks more effectively.

The RTF has identified five critical and urgent actions that form the backbone of its overarching framework:

1. International diplomatic and law enforcement agencies should declare ransomware a priority and execute a comprehensive and resourced strategy that includes measures to prevent nation-states from providing safe haven to ransomware organizations.

2. Governments should promote aggressive operational campaigns, sustained and driven by “whole of government” intelligence, working more closely with private industry to combat ransomware.

3. Governments need to create cyber recovery and response funds; require companies and other organizations to report ransom payments, and require organizations to consider alternatives before making payments.

4. The international community should coordinate efforts to develop a single, widely adopted Ransomware Framework that will help organizations prepare for and respond to ransomware attacks.

5. Governments should regulate the cryptocurrency sector more closely and ensure that exchanges, kiosks, and trading desks comply with existing regulations, including know your customer, anti-money laundering, and combating the financing of terrorism laws.

If applied together, these steps would result in immediate and long-term benefits and show cybercriminals that ransomware is no longer an easy and safe strategy for financial gain.