Days before the disruptive ransomware attack on Colonial Pipeline, the cross-sector Ransomware Task Force emerged with a report that laid out 48 recommendations that included a framework for critical infrastructure organizations that could help deter and disrupt the operations of ransomware gangs.
Four years later, the task force is assessing the progress organizations and the public sector has made in carrying out these recommendations, and continuing to promote positive change on what remains to be done.
In this episode of the Nexus Podcast, Megan Stifel, Chief Strategy Officer for the Institute for Security and Technology, joins to discuss the four years of progress and challenges experienced by the Ransomware Task Force. She cites significant wins in incident reporting, gaps that have been narrowed since the report’s publication in 2021, as well as the codification of a joint ransomware task force (JRTF) as designated in Section 106 of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).
The JRTF coordinates activities meant to deter or disrupt ransomware campaigns, and pursues opportunities for international cooperation in conjunction with CISA, FBI, and private sector entities.
Stifel recalls the early days of the task force and the goals it laid out, starting with four areas: How to help organizations better prepare for, and respond to, ransomware; how can governments better deter ransomware actors as well as disrupt them.
“I think we saw the most action in deter and disrupt in the early days,” said Stifel, who co-chaired the response working group. “Right after Colonial, President Biden had a meeting in the Rose Garden and it was a big public push against the threat actors. Shortly thereafter in the fall of 2021 was when the first Counter-Ransomware Initiative meeting happened.”
Disruption since has also gained momentum, she said.
“We still think there is tremendous room for opportunity to better disrupt these threat actors and that will happen with government and industry working closely together,” Stifel said. “The takeaway is that there has been tremendous willingness on the deterrence side by governments to come to the table to talk about this.”
Ransomware continues to be the most disruptive and dangerous threats to critical infrastructure organizations globally. Hospitals and other critical industries continue to suffer under the weight of extortion attacks where data is stolen, ransomware is deployed locking down critical systems, and the threat of an imminent data leak forces companies’ hands as to whether to meet an exorbitant ransom demand.
“We thought and continue to think that working through some of the measures that will combat ransomware will also have knock-on effects to reduce risks from other threats, including other nation-state actors,” Stifel said. “It’s at the top, but things that can be effective in reducing ransomware risk will also buy down risk from other threat models.”
Michael Mimoso is Director of Influencer Marketing at Claroty and Editorial Director of Nexus.
