The Ransomware Task Force (RTF), a broad coalition of over 60 experts in industry, government, law enforcement, civil society, and international organizations including BlueVoyant, today released a comprehensive framework to combat ransomware: “Combating Ransomware: A Comprehensive Framework for Action.”
The RTF was formed in January of 2019 by the Institute for Security and Technology (IST). Representatives from BlueVoyant collaborated with this coalition of partners to lend their expertise toward creating a framework of standardized guidance and actionable solutions to mitigate the growing and dangerous ransomware threat across all vertical markets.
“The cost of ransom paid by organizations has nearly doubled in the past year, and is creating new risks, many that go far beyond monetary damage,” said Philip Reiner, the CEO of IST and the Executive Director of the RTF. “In the past 12 months alone, we’ve seen ransomware attacks delay lifesaving medical treatment, destabilize critical infrastructure, and threaten our national security. We felt an urgent need to bring together world-class experts across all of the relevant sectors to break down silos and create a framework that government and industry can pursue to disrupt the ransomware business model, mitigate the impact of these attacks, and ensure the continued faith of the general public in its institutions.”
The RTF recognizes ransomware as an international crime that continues to affect both the public and private sectors. Therefore, all solutions must apply both internationally and to a broad spectrum of verticals affected by ransomware.
For this reason, the RTF was proactively convened, and by intent, included representatives across disparate sectors, large and small, public and private, including healthcare, financial, cyber security, technology, government, law enforcement and civil society.
The expertise represented by these sectors allowed the RTF to develop multifaceted solutions and build a comprehensive strategy for stemming the tide of ransomware.
The framework consists of four goals:
- Deter ransomware attacks through a nationally and internationally coordinated, prioritized, and resourced, comprehensive strategy.
- Disrupt the ransomware business model and decrease criminal profits.
- To help organizations better prepare for ransomware attacks.
- To help organizations respond to ransomware attacks more effectively.
The 48 actions outlined provide guidance for addressing the complexities of the ransomware epidemic, from the role of cyber insurance and cryptocurrency to safe havens for threat actors.
The framework developed is not intended for piecemeal action. Effective implementation will require the coordinated effort of many stakeholders to meet these four critical goals, which each fill a gap in the current approach to ransomware mitigation.
“The risks of ongoing ransomware attacks across all verticals—and the resulting crippling reputational and financial consequences—keep cyber security professionals up at night. These risks, coupled with unknown or unaddressed vulnerabilities in their network and supply chain ecosystem, only confirm the severity of the threat,” said Austin Berglas, Global Head of Professional Services and RTF Representative for BlueVoyant.
“The time for concerted and coordinated action is now. BlueVoyant is honored to be an RTF coalition member and to have played a valuable role in the development of this groundbreaking framework designed to help organizations to better prepare for, respond to, and mitigate the ongoing and pervasive ransomware threat.”