This is the best indicator of exactly what this exercise in verbiage is all about; it is merely another eyewash to divert attention away from the fact that practically all the attacks that have caused the private and public sector enormous grief have been on systems running Windows.
Recognising the cause is the best way to get rid of the effects, but naming the main culprit would have put more than a few noses out of joint. Hence, we have this exercise, which was described by one cynical security industry person as "all fart and no poo".
I remain genuinely concerned that a small number of apex ransomware groups are getting hundreds of millions of US dollars in payment each year.— Kevin Beaumont (@GossiTheDog) April 29, 2021
That gives them more money to buy zero day exploits than many big nation states.
It's like giving rocket launchers to YouTuber fans.
It is testimony to Microsoft's clout in the security industry and its ability to spin and hire the best PR people that it has not invited the wrath of those who have suffered from ransomware attacks.
And further, "our goal is to provide the tools and insights needed for companies and governments to outpace emerging global security threats. Our non-traditional approach has a bias towards action, as we build trust across domains, provide unprecedented access, and deliver and implement solutions".
The working group co-chairs of the Ransomware Task Force.
The organisation has a very nice-looking website, but makes no mention of where it gets its funds, though it does solicit money.
One of the major recommendations made by this group is tighter regulation of the cryptocurrency sector, a favourite bete noire of the US Government. "Governments should require cryptocurrency exchanges, crypto kiosks, and over-the-counter trading 'desks' to comply with existing laws, including Know Your Customer, Anti-Money Laundering, and Combatting Financing of Terrorism laws," it says.
Ransomware Task Force reveals comprehensive framework– "Make it 1997 again through Science or Magic" pic.twitter.com/0cBxjzNorx— J. A. Guerrero-Saade (@juanandres_gs) April 29, 2021
The other major recommendations are (in the language of the RTF): "Co-ordinated, international diplomatic and law enforcement efforts must proactively prioritise
ransomware through a comprehensive, resourced strategy, including using a carrot-and-stick approach to direct nation-states away from providing safe havens to ransomware criminals;
"The United States should lead by example and execute a sustained, aggressive, whole of government, intelligence-driven anti-ransomware campaign, co-ordinated by the White House. In the US, this must include the establishment of 1) an Interagency Working Group led by the National Security Council in coordination with the nascent National Cyber Director; 2) an internal US Government Joint Ransomware Task Force; and 3) a collaborative, private industry-led informal Ransomware Threat Focus Hub;
"Governments should establish Cyber Response and Recovery Funds to support ransomware response and other cyber security activities; mandate that organisations report ransom payments; and require organizations to consider alternatives before making payments; and
"An internationally co-ordinated effort should be developed to develop a clear, accessible, and broadly adopted framework to help organisations prepare for, and respond to, ransomware attacks. In some under-resourced and more critical sectors, incentives (such as fine relief and funding) or regulation may be required to drive adoption."
The RTF has backed off even the most common advice offered by people who deal with ransomware attacks: stop paying ransoms. About this, the wishy-washy recommendation is "...the Ransomware Task Force did not reach consensus on prohibiting ransom payments, though we do agree that payments should be discouraged as far as possible." In other words, two bob each way.
The report is a waste of time, repeating all that has happened over the past few years and offering nothing new. Had the RTF, for instance, suggested that the US improve its relations with Russia to the point where US President Joe Biden could ask his Russian counterpart, Vladimir Putin, to take a harsher line towards the ransomware gangs that operate from Russia, that would have been worth highlighting.
It is well known that the Russian Government line towards ransomware gangs operating from within its borders is to let them do what they want, provided no Russian entity is put in danger.
The RTF document is nicely formatted, with illustrations and the Institute for Security and Technology will surely earn some funds, both public and private, from this marketing exercise which will ensure it can keep its sinecures filled.
This is another document that will gather digital dust on some hard drive deep in some establishment. Meanwhile, the security industry will be licking its lips at the prospect of what can be earned from the next ransomware hit.