Expert Insights On Ransomware Task Force Report

The recent Ransomware Task Force report, “Combating Ransomware,” that was delivered to the Biden administration this week and calls for an international coalition to combat ransomware criminals. Experts below provide response on this subject.

Experts Comments

May 04, 2021
Baber Amin
COO
Veridium

The Task Force report is very comprehensive, informative and pragmatic. Ransomware actors are an extension of organized crime. Most of time we seem to forget this because when it comes to cyber security, we are prejudiced to think of lone wolf actors in black hoodies. The report list four goals of Deter, Disrupt, Help and Respond. These goals are great, but I believe that there should have been more emphasis on the following as part of these goals, or perhaps as additional goals:

  • Action 3.4.4.
.....Read More

The Task Force report is very comprehensive, informative and pragmatic. Ransomware actors are an extension of organized crime. Most of time we seem to forget this because when it comes to cyber security, we are prejudiced to think of lone wolf actors in black hoodies. The report list four goals of Deter, Disrupt, Help and Respond. These goals are great, but I believe that there should have been more emphasis on the following as part of these goals, or perhaps as additional goals:

  • Action 3.4.4. does not go far enough to alleviate fines and provide immunity from regulations imposed by OFAC (office of foreign assets controls). We need to encourage transparency and not penalize the company or individual who is trying to get their business back together.
  • Another missing part seemed to be the lack of involvement from ISP(s) network equipment manufacturers and data center operators. Even CDN operators. All of these entities can and should play a larger role in identifying, tracking and isolating attacks, and also have consistent processes for evidence preservation.
  • Table top exercises need to go farther. A ransomware attack in a red vs blue scenario should play it out to the end to identify all possible paths.
  • We should also consider limiting liability for PII disclosure in a ransomware attack where a baseline of appropriate measures were taken.
  • Technical controls and end user education needs to play a larger part in ransomware mitigation. Simple measures like MFA (multi factor authentication), elimination of passwords, elimination of security theater, encryption of important information at rest, and timely and ongoing backups can make a big difference. These are all well understood processes, and can help from the perspective of making it difficult for an attacker and making it easy for an organization to recover without paying a ransom.
  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.