Ransomware is a “scourge” that has to be fought by governments around the world, according to experts who spoke at the annual RSA Conference this week.
“This is a threat that has moved from economic nuisance eight years ago to national security and public health and safety threat today,” Michael Daniel, CEO of the Cyber Threat Alliance and a former White House cybersecurity co-ordinator, told a panel.
“Once a threat has moved into that category we need government to bring its resources to the table, and private sector and not-for-profit sector to engage as well. And it’s not just the U.S. government. This is an international problem.”
He also called for international pressure on countries that shelter hacking groups.
Ransomware, Daniel said, “is such a lucrative business it’s going to take a full-court press to change that business model, to reduce the level of value that criminals get out of it and reduce the overall scourge of ransomware.”
Other panellists were Phil Reiner, chief executive of the California-based Institute for Security and Technology and co-chair of a Ransomware Task Force, which released a report April 29; and Jen Miller-Osborn, deputy director of threat intelligence at Palo Alto Networks’ Unit 42.
The panel was recorded before U.S. President Joe Biden last week promised to disrupt the gang behind the Colonial Pipeline ransomware attack. He also signed an executive order telling federal agencies to work more closely with critical infrastructure providers to defend against cyber attacks.
Reiner didn’t refer to the President’s order. However, he did say “It takes senior level, top-down interest in a problem like this to really get after it with the resources required. The prioritization needs to be raised to do something different. This is not something usual, it’s not the normal cybersecurity threat. It’s a plague.”
As a former member of the U.S. National Security Council, Reiner said he knows leadership from the White House is needed because “the [U.S. federal] bureaucracy is not necessarily focused or equipped to respond quickly.”
In Canada, Prime Minister Justin Trudeau hasn’t made a major policy speech on ransomware. However, last month Public Safety Minister Bob Blair met online with his counterparts in the Five Eyes intelligence co-operative, which issued a joint statement calling ransomware “a threat to national security.” The countries – including the U.S., the U.K., Australia and New Zealand – promised to work together and with the private sector to fight cyber threats including ransomware.
In calling for a “comprehensive approach” Reiner said ransomware won’t be stopped only by attacking the ability of cryptocurrencies and exchanges to hide payments to crooks, or sending the U.S. Cyber Command and its IT skills at a hacker in another country.
Daniel agreed, although he also called for “more aggressive disruption” of cyber gangs and what he called “creative thinking,” such as the U.S. Treasury Department’s warning last year that paying ransomware to cybercriminal groups and state-sponsored hackers could be illegal.
Miller-Osborn noted that a Palo Alto ransomware report issued in March estimated ransomware gangs doubled the average amount they are asked for in 2020 compared to the year before. The average ransom paid tripled in the last year to over US$300,000.
Colonial Pipeline reportedly paid almost US$5 million last week to get decryption keys to its data plus any stolen data back.
Law enforcement agencies have been working together and scored some wins, she added, pointing to the take-down in January of the Netwalker ransomware infrastructure.
Ransomware is unlike the SolarWinds (blamed by the U.S. on Russia) or Microsoft Exchange (blamed on Chinese-based group), Reiner added. It needs a “sustained campaign” of opposition.