Ransomware Task Force Releases Recommendations

The Ransomware Task Force, a coalition of 60 organisations, has released its long-awaited ransomware framework, proving recommendations on how to crack down on ransomware attacks.

The Task Force was announced by the Institute for Science and Technology back in December 2020, with delegates from governments, security vendors, think-tanks, academia and law enforcement, to name a few. The broad, multi-sector task force aims to find solutions to ransomware, and organisations involved include Amazon, Microsoft, the FBI, and the UK’s National Crime Agency.

Ransomware is malicious software designed to encrypt data before demanding a ransom in return for the decryption key; sensitive data may also be stolen and used as additional leverage. Over the last 18 months, ransomware attacks have stepped up, with schools and hospitals among the recent victims. Last month, we wrote about the British schools hit by a wave of ransomware attacks, that affected multiple trusts including Castle School Education Trust (CSET) in Bristol, Cambridge Meridian Academies Trust (CMAT), and Nova Education Trust in Nottingham. While the National Cyber Security Centre (NCSC) stressed these attacks were not coordinated, there does seem to be a worrying pattern developing. Ransomware attacks on hospitals have also increased, with 560 healthcare providers in the US hit in 2020. Back in 2017, we wrote about the WannaCry ransomware attack, which hit NHS trusts in England that were still running Windows XP. In September 202, a German woman tragically lost her life after she was turned away from a hospital that had suffered from a ransomware attack. These are the kinds of situations the Ransomware Task Force are looking to avoid.

The report released by the Ransomware Task Force is 81 pages long, and suggests strong collaboration internationally is the key to combatting the scourge of ransomware. The solutions were grouped into Deter, Disrupt, Prepare, and Respond, and unlike past efforts to combat ransomware, the Ransomware Task Force paints the problem as a national security issue that governments can no longer ignore.