Some useful comments on the recent announcements about the Ransomware Task force. Essentially saying good idea, but criticizing its lack of serious global participation.
Comments by Steve Gibson in Security Now! #817 - 05-04-21, Page 10 -
The Ransomware Task Force
The Wall Street Journal and CNN appear to have been among the first to obtain and report on a US Justice Department memo which discloses the creation of a new task force dedicated responding to the growing threat of ransomware. Given the maturity of the task force's first81-page report, selected parts of which I'll be sharing shortly, this appears to have been on the works for some time. And, needless to say, it's quite needed. The question is, although a “task force” sounds wonderfully proactive, what can a “task force” actually do? CNN explained that the new initiative follows what the memo describes as the worst year everfor ransomware attacks. It highlights how cybersecurity threats in general have become a major focus of the current administration following other recent high-profile network security incidents such as the Russian-backed SolarWinds hacking campaign and the Microsoft Exchange server vulnerabilities that Microsoft has attributed to Chinese hackers. More recently, it is believed that Chinese hackers exploited vulnerabilities in Pulse Secure's VPN to compromise 'dozens' of agencies and companies in US and Europe.
In a memo from Acting Deputy Attorney General John Carlin to DOJ department heads, US attorneys and the FBI on Tuesday, he said: “Although the Department has taken significant steps to address cybercrime, it is imperative that we bring the full authorities and resources of the Department to bear to confront the many dimensions and root causes of this threat.” Security Now! #817 10 So, this new task force will pull together and unify efforts across the federal government to pursue and disrupt ransomware attackers. Actions could include everything from "takedowns of servers used to spread ransomware to seizures of these criminal enterprises' ill-gotten gains. In addition, the DOJ plans to devote more resources to training and intelligence sharing, as well as reaching out to the private sector to gain insight into ransomware and extortion threats. As we know, during the past few years, ransomware attackers have increasingly targeted schools, hospitals, city governments and other victims that are perceived to have weak security or an ability to pay. Brian Krebs covered this news too, opening with: “Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.” ... '
"... I’m glad that this Ransomware Task Force exists. But in the absence of full international anti-ransomware cooperation — including those nations that are hostile to the interests of other nations — it’s not clear to me that huffing and puffing is going to amount to much. ..."
No comments:
Post a Comment