Recommendations from the Ransomware Task Force
Ransomware is a growing threat that has led to massive damage to companies and even countries. As the country faces a gas crisis sparked by a ransomware attack, the Cyber Threat Alliance’s Ransomware Task Force panel discussion could not have come at a better time. The panel was moderated by Michael Daniel, President & CEO at Cyber Threat Alliance. Speakers on the panel included Michael Phillips, Chief Claims Officer at Resilience; Megan Stifel, Americas Executive Director at Global Cyber Alliance (GCA); Philip Reiner, CEO at the Institute for Security and Technology; and Retired U.S Army Major General John Davis, Vice President for the Public Sector at Palo Alto Networks.
What is the current state of cyber and ransomware according to the Ransomware Task Force? Megan Stifle from GCA made a great point about how cyber threat actors are enabled to make demands and leave victims vulnerable in the current state of cyber. Victims are often paying the ransom because of the compromised data. Unfortunately, a point that we at WhiteHawk have been trying to get across is that paying ransoms only incentivizes criminals and does not guarantee decryption of your data. Stifle sees the goal of the task force to be taking money away from threat actors.
Philip Reiner added to this by calling for collaboration among cyber professionals in organizations big and small across the globe. This is a goal, Reiner noted, the ransomware task force could address. General Davis made the point that comprehensive training could be a preventative measure in combatting ransomware, stating that training is available through this task force to help your organization’s members get the basic first steps needed to combat phishing, and therefore ransomware.
How can the federal government provide more support to state and local governments? The second point introduced by Daniel was that many state and local governments are on the front lines when businesses, individuals, and organizations in their area or the state and local government themselves are victims of ransomware attacks. Stifle mentioned that there may be the possibility of states needing to adopt basic standards and processes against ransomware. General Davis added to this point, stating that cyber insurance provided by the ransomware task force is a great first step in managing risk.
Cryptocurrency’s role in ransomware According to Daniel, many cyber criminals ask for payment in gift cards or, more recently, cryptocurrency. This was confirmed by Michael Phillips, who led the ransomware recovery effort for the Cyber Threat Alliance and worked with other crypto exchanges on ransomware breaches. Major crypto exchanges don’t want crime on their books either, according to Philips. He assured the audience that the ransomware task force was not trying to overregulate crypto companies but was instead trying to find areas where there are opportunities to mitigate vulnerabilities to prevent future exploitation. Reiner continued this point on crypto’s role, stating that technology is outpacing policy, and that is what you see in the cryptocurrency ecosystem. Reiner wants the task force and the audience to get down into how victims are being taken advantage of by threat actors, finding the weak points and enabling those at risk to act.
Now What? Quoting the musical hit Hamilton, Daniel stated that “recommending is easy, implementing is harder.” Acknowledging that the ransomware task force isn’t meant to live forever, Daniel asked, “how do we go about following these recommendations?”
The panelists made different cases from their respective perspectives and experiences to support the same point: we need to act together. It will take a collaborative effort between governments, organizations, and companies in the public and private sector to effectively combat the threat of ransomware. Stifle urged the audience to get engaged and share whatever information they possessed on the weak points and actions that could be taken against threat actors. From an insurance perspective, Phillips stated that while the insurance industry has been studying this problem for years, they must involve themselves and collaborate with others because this is not a private issue anymore.
Reiner made a call to action not to wait for someone else to do something. If you play a role in protecting against ransomware, you can take immediate action to educate and enable those in your network. General Davis concluded by bringing it back to the task force. Davis mentioned that participants in the task force can continue to help depending on how these calls to action are answered. Read the Ransomware Task Force Report, find out where you fit and get involved.
If you have not yet had the chance to read the full Ransomware Task Force Report, you can do so here. If we all take smart action, cybercrime can be stopped in its tracks. Take the first step with a complimentary assessment from our analysts.