The Institute for Security and Technology (IST) — in partnership with a broad coalition of experts in industry, government, law enforcement, civil society, and international organizations who participated in the Ransomware Task Force (RTF) — has released a comprehensive framework to combat ransomware.
The RTF hosted an online launch event on April 29 with a powerhouse lineup of the experts that led the RTF process, and keynote remarks by the Honorable Alejandro N. Mayorkas, U.S. Secretary of Homeland Security.
Ransomware is a prevalent and destructive type of cybercrime, with increasingly dangerous physical consequences. Hospitals, school districts, city governments, public infrastructure, and countless other organizations have found their networks and data held hostage by malicious actors seeking monetary gain.
Ransomware attacks will only continue to grow in size and severity, unless there is a coordinated, comprehensive, public-private response.
The RTF report includes 48 recommendations that together form a comprehensive framework to address ransomware.
This strategic framework aims to help policymakers and industry leaders take system-level action — through potential legislation, funding new programs, or launching new industry-level collaborations — that will help the international community build resistance, disrupt the ransomware business model, and develop resilience to the ransomware threat.
The framework is organized around four goals: deter ransomware attacks through a nationally and internationally coordinated, comprehensive strategy; disrupt the ransomware business model and reduce criminal profits; help organizations prepare for ransomware attacks; and respond to ransomware attacks more effectively.
These goals are interlocking and mutually reinforcing. For example, actions to disrupt the ransomware payments system will decrease the profitability of ransomware, thereby helping to deter other actors from engaging in this crime. Thus, this framework should be considered as a whole, not merely a laundry list of disparate actions.
