McAfee, Citrix, Microsoft Back Ransomware Task Force

A group of security vendors, coalitions, law enforcement agencies, and non-profits are among the founding members of a Ransomware Task Force that will convene in January to address this growing cybersecurity threat. A group of security vendors, coalitions, law enforcement agencies, and non-profits are among the founding members of a Ransomware Task Force that will convene in January to address this growing cybersecurity threat. The group, formed by the Institute for Security and Technology (IST), includes member companies Citrix, Cybereason, McAfee, Microsoft, Rapid7, and SecurityScorecard, along with the Cyber Threat Alliance and Global Cyber Alliance. And it’s tasked with providing recommendations for both public agencies and private companies to reduce the threat posed by ransomware in the next two to three months. “The Task Force will complete its work in relatively short order, through the course of Q1, at the end of which we will release the comprehensive framework for senior-level policymaker consideration,” said Philip Reiner, CEO of the Institute for Security and Technology. Over the next couple weeks, the task force will continue adding partners and working group participants, he added. In January, the group will launch its website, which will include a full membership list and leadership roles. “Ransomware attacks have continued to increase in size and scale over the last year — and attackers no longer hesitate to attack schools, hospitals, city governments, and other elements of critical infrastructure,” Reiner said. “The RTF founding members understand that ransomware is too large of a threat for any one entity or sector to address on their own, and thus have come together to share best practices and synthesize solutions. IST is uniquely positioned as a neutral non-profit technology and security platform to pull together the right actors from across the full spectrum of domains.” According to Positive Technologies’ third-quarter 2020 cyber threatscape report, ransomware attacks now account for over half of all malware attacks (51% in Q3 compared to 39% in Q2). Additionally, half of all attacks against health care institutions during the quarter involved ransomware, and this tragically included the first fatality from a ransomware attack against a hospital in Germany. In an emailed comment, Cybereason CSO Sam Curry called ransomware “a scourge on society and disgusting.” The founding partners include: Aspen Digital, Citrix, the Cyber Threat Alliance, Cybereason, the CyberPeace Institute, the Cybersecurity Coalition, the Global Cyber Alliance, McAfee, Microsoft, Rapid7, Resilience, SecurityScorecard, Shadowserver Foundation, Stratigos Security, Team, Cymru, Third Way, UT Austin Stauss Center, and Venable. “The work of the Taskforce in the months ahead is critical as Cybereason has seen an increase in surgical ransomware attacks, and while the number of newly discovered strains continue to decrease, multi-stage ransomware attacks are rising significantly, with multiple attackers executing ransomware operations involving data theft, the stealing of user credentials and lateral movement across the victim’s network to compromise as many endpoints as possible,” Curry said. And while ransomware attacks have been increasing over the past few years, “2020 was a year where COVID-19 has made the problem even more serious,” said Kent Landfield, chief standards and technology policy strategist at McAfee. “Attacks on health care facilities has raised it another level where the effects can create risks to life and limb. The Ransomware Task Force is being stood up to bring together those wishing to create a roadmap for addressing the threat.” SecurityScorecard, a cybersecurity ratings company that has assigned ratings to more than 1.5 million organizations globally, is another founding member. Ransomware is a problem that affects all companies, especially medium and large organizations, and the need to collaborate with the public sector on cybersecurity threats became even more apparent in light of the recent SolarWinds hack, said Sachin Bansal, general counsel at SecurityScorecard. “Ransomware is like third-party breaches where it’s one of these problems that just keeps getting worse,” he said. This gives the task force a sense of urgency, and while its work isn’t intended solely for the incoming Biden administration, “with the immediate and increasingly life-threatening nature of ransomware attacks, there is a unique opportunity for the new administration to take decisive action as it comes into office,” Reiner said. “This Ransomware Task Force will not reinvent the wheel. Our coalition will assess existing solutions targeting varying levels of the ransomware kill chain, identify gaps in solution application, and create a roadmap of concrete objectives and actionable milestones for high-level policymakers.” Bansal describes the task force as the “Avengers or Power Rangers of cyber,” and says SecurityScorecard brings seven years of historical data from the organizations it scores to the group. And organizing under the IST auspices gives the partners a level of coordination that the attackers already employ, added Alex Heid, SecurityScorecard’s chief research and development officer. “It’s a collective of these different enterprises, governments organizations, and nonprofit organizations,” Heid said. Just like the hackers share information and tactics, “the white hats have their own underground, where irrespective of where we’re working at what point in time we’re always in touch with each other, and most of the folks know each other outside of work anyway,” he added. “This is a way to formalize all of that and organize ourselves in a way that the bad guys already are.” Citrix CISO Fermin Serna echoed this sentiment. “In joining forces with other industry leaders to form the Ransomware Task Force, we’re putting all hands on deck to create a standard framework that organizations can use to quickly respond to these types of attacks and mitigate their impact.”