RSA 2022: Progress in Combating Ransomware: Honest Insights from the Ransomware Task Force

According to research by the Symantec Threat Hunter Team at Broadcom Software, organizations are facing unprecedented level of danger from targeted ransomware attacks. To help drive a more coordinated effort to tackle this problem, the Institute for Security and Technology (IST), in collaboration with more than 60 public and private partners, launched the Ransomware Task Force (RTF) in late 2020. In April 2021, the RTF issued a 80+ page report to provide a comprehensive framework, with 48 recommendations, about how to deal with ransomware.

What’s been done since the report came out? Moderated by IST CEO and RTF Executive Director Philip Reiner, the #RSAC panel, Progress in Combating Ransomware: Honest Insights from the Ransomware Task Force, discussed the progress made over the last 12 months on these recommendations. The panelists included Michael Daniel, President and Chief Executive Officer, Cyber Threat Alliance; Megan Stifel, IST Chief Strategy Officer and RTF Co-Chair; and Michael Phillips, Chief Claims Officer, Resilience and RTF Co-Chair.

“We are proud to say that 88% of the recommendations in this report have seen some progress and 25% have seen significant progress, although there is still a great deal of work to be done,” said Reiner.

“When you look at what the U.S. government has done over the past year, it’s impressive at the speed it organized and focused on the ransomware threat. We wanted ransomware to move from being an adjunct law enforcement problem to a national security problem – and that has happened,” said Daniel. Stifel agreed, pointing to funding, legislation and executive orders and other government efforts to protect critical infrastructure. “After Colonial, President Joe Biden met with Russian President Vladimir Putin and said cyberattacks against the 16 sectors of U.S. critical infrastructure should be off-limits and, if they continue to be attacked, there would be responsive action,” she said.

Yet one key challenge that remains is eliminating safe havens for ransomware criminals. Although the U.S. has seen some cooperation from countries in Central Europe, it has been a slow process to build coalitions within the international community. “As long as these actors have a safe place, it will be hard to disrupt them,” said Daniel.  “If you can’t get the actors themselves, can you get to where you can choke some of their financial flows?”

In addition to the problem posed by safe havens, the use of Bitcoin and other cryptocurrencies for ransomware payments has helped to fuel attacks. In fact, ransomware payments by victims spiked 70% in 2021 over the previous year. Unfortunately, Stifel doesn’t expect that to stop anytime soon. “We still don’t have the ability of rapid interdiction and response. The use of cryptocurrency for illicit purposes will endure long past ransomware,” she said.

The panel also called for faster and more standardized reporting for ransomware attacks. “If we can get reporting fast enough, there are disruption opportunities. Right now, we have a lot of silos in the information ecosystem,” said Phillips.

At the end of the discussion, Reiner began taking questions from the audience and the topic of banning ransomware payments came up. “Unless we do it globally, there will be challenges for those countries who ban payment, including sustaining those bans and the political fights that come with it,” said Daniel. Reiner agreed, adding “We need to put ourselves on a glide path to make it illegal to make ransomware payments, but that is down the road.”

Looking ahead, a blueprint for ransomware defense including tools and best practices, requested by the RTF, will be launched later this summer, said Stifel.

To learn more on how Broadcom Software can help you modernize, optimize and protect your enterprise, contact us here.