The Institute for Security and Technology (IST) Ransomware Task Force (RTF) has released a list of recommendations to help international governments combat ransomware attacks.
In its list, the task force highlighted five priority recommendations:
1. Government Agencies Must Work Together to Address Ransomware.
Coordinated, international diplomatic and law enforcement efforts must prioritize ransomware via a comprehensive, resourced strategy, RTF noted. This strategy should emphasize "a carrot-and-stick approach" that leads nation-states away from providing safe havens to ransomware criminals.
2. The United States Should Develop and Implement an Intelligence-Based Anti-Ransomware Campaign.
The United States should create and execute an intelligence-driven anti-ransomware campaign coordinated by the White House, RTF stated. This campaign should include the establishment of an interagency working group led by the National Security Council, an internal U.S. government joint ransomware task force and a collaborative, private industry-led informal ransomware threat focus hub.
3. Governments Should Set Up Cyber Response and Recovery Funds.
Governments should create cyber response and recovery funds for ransomware response and other cybersecurity activities, RTF noted. Also, governments should require organizations to report ransom payments and consider alternatives before they pay ransoms.
4. International Governments Should Develop a Universal Framework for Ransomware Attack Preparedness and Response.
Governments from around the world should develop a clear, accessible framework to help organizations prepare for and respond to ransomware attacks, RTF pointed out. Incentives and regulation can be used to drive framework adoption.
5. The Cryptocurrency Sector Should Be Closely Regulated.
Governments should carefully monitor the cryptocurrency sector and ransomware attacks across it, RTF indicated. They also should require cryptocurrency exchanges, crypto kiosks and over-the-counter (OTC) trading "desks" to comply with Know Your Customer (KYC), Anti-Money Laundering (AML) and Combatting Financing of Terrorism (CFT) and other laws.
Ransomware represents an urgent national security risk that threatens schools, hospitals, businesses and other organizations, RTF stated. As such, governments must take measures to help organizations guard ransomware and keep pace with other cyber threats.