August 4, 2021
The Institute for Security and Technology’s Ransomware Task Force is the largest collaboration ever assembled for the unified goal of combating ransomware and cybercriminals. This year, they’ve released their long-awaited cybersecurity framework. This 81-page report, titled Combating Ransomware: A Comprehensive Framework for Action, gives enterprise defenders their first structured standardized guidance for ransomware defenses. Here’s a brief summary of their recommendations.
What is the RTF Framework?
The RTF Framework mirrors the well-known NIST Cybersecurity Framework by grouping recommendations into logical target areas. Where NIST describes specific technical actions in its five functions, the RTF authors opted to distribute 48 higher-level recommendations across four goals: deter, disrupt, prepare, and respond. These high-level policies and processes include advocating for the creation of more technical guidance, particularly for underfunded and critical industries.
What does the RTF recommend?
Where the RTF recommendations especially stand out are in the ways it advocates taking a highly aggressive approach towards cybercriminals. Here are the specifics:
Attacking Ransomware Gangs Where They Live
This goal focuses on getting international governments and law enforcement to prioritize ransomware threats and use the full force of their diplomatic and financial clout to encourage nation-states to stop providing safe havens for ransomware criminals.
Leading by Example
The task force is urging the United States to lead by example with an aggressive White House-backed campaign that treats ransomware as a national security threat, taps the National Security Council’s resources, and establishes public and private task forces and focus groups to address the problem.
Aid for Ransomware Victims
RTF recommends establishing government-funded international Cyber Response and Recovery Funds to support ransomware response. The RTF also softens the line on ransom payments, calling for the U.S. Treasury Department to revise its no-pay guidance and urging victims to report ransom payments and consider all available alternatives before paying.
This would be done through government crackdowns on cryptocurrency exchanges and stepped-up enforcement of existing money-laundering and anti-terrorism funding laws. The goal is to disrupt ransomware payment systems and make the criminal endeavor less profitable.
The RTF Framework is “all or nothing.”
The RTF is clear in its report that you can’t pick and choose which aspect of the framework to follow. Each recommendation interlocks with other actions, and the strength of the total effort depends on coordinated and complete execution. For example, reducing the profitability of ransomware through financial controls thwarts crimes in progress and also acts as a deterrent, discouraging future actors from engaging in similar malefactions. It’s imperative that the entire framework must be adopted in order for it to successfully combat this global epidemic.
At Rimstorm, we can help you implement this framework into your existing architecture. Contact us today for a free consultation. Together we can all do our part in making the world a safer place for everyone.