The Ransomware Task Force (RTF), a US-led team convened in early 2021 with participants from governments, software firms, cyber security vendors, non-profit and academic institutions from across the world.
The aim of the RTF is to develop a robust plan to tackle the global ransomware threat, through deterring and disrupting the actors while helping ensure organisations are equipped to prepare and respond. This week the team launched its final report, directed primarily at the US government, which includes a framework of actions that together have the potential to reduce the harm from ransomware attacks globally.
Ransomware has become one of the most frequent and disruptive types of incidents that governments deal with. In the NCSC 2020 Annual Review, they noted that they had handled more than three times as many incidents than the previous year. Attackers are increasingly raising the stakes by threatening to leak stolen data publicly where victims are reluctant to pay the ransom. We’ve also seen attackers grow more sophisticated, sitting on a network over time and looking round for the most high-value data to encrypt, as well as any online backups to obstruct recovery.
During the COVID-19 pandemic, attackers took advantage of the crisis in their selection of targets, which included hospitals in the US and Europe. Here in the UK we saw a spike in ransomware attacks affecting the education sector at a time when institutions were working hard to manage online learning, admissions and testing procedures.
The disruption it causes means that ransomware is no longer a cyber security issue for organisations; as the Task Force’s report notes, it has become a national security risk that has the potential to impact public safety, particularly when hospitals and other critical national infrastructure are targeted. And since there is little an organisation can do once the ransomware hits, preparation is essential.
The RTF is a great example of the power of collaboration in addressing these widespread cyber threats.