Combating Ransomware: A Call To Action

Today the Ransomware Task Force, which I was pleased to co-chair, issued its report: Combating Ransomware. The Report identifies four goals and a series of supporting actions, with a combined 48 total recommendations. The Task Force identified these goals and actions to address five priority recommendations, including the need for sustained, coordinated collective action among governments, industry, academia, and non-profits in order to meaningfully reduce the ransomware threat.

The Task Force’s work and its recommendations share the Global Cyber Alliance’s (GCA) approach: uniting communities, scaling solutions, and measuring impact. Indeed, many of GCA’s existing resources can help organizations reduce their ransomware risk today. 

What the Task Force and GCA urge everyone to do now is take action.

Ransomware is a symptom of a broader problem: poor cyber hygiene. To reduce the threat of ransomware, organizations must shore up their digital defenses. Unfortunately, the common perception is that one must be an expert to have good cyber hygiene. The reality is for most actions they do not. For example, using a protective domain name service, like Quad9, can significantly reduce the risk of organizations accessing sites known to distribute malware, spyware, and other malicious software that enables or supports ransomware. Switching to a protective DNS service takes less than ten minutes and can reduce 33% of cybersecurity incidents

Similarly, ensuring organizations with their own domains have enabled domain-based message authentication, reporting, and conformance (DMARC) is an additional tool that can also significantly reduce the risk of a successful ransomware attack. DMARC is an email authentication and reporting tool. Given that a significant number of ransomware attacks leverage phishing emails as a means of egress to the victim organization or elsewhere in the threat actor’s tactics, techniques, and procedures, better securing email through enhanced technical capabilities such as DMARC, together with employee training and awareness, can further reduce an organization’s ransomware risk. GCA’s DMARC setup guide is available in 18 languages to support organizations in going the DMARC way.

In addition to blocking access to known malicious websites, it is critical to share information about malicious domains, in the case of ransomware particularly information about command and control domains utilized in these attacks. GCA developed Domain Trust to support the malicious domain information sharing need. In just six months Domain Trust has grown to 20 participating organizations sharing more than two million domains as of April 2021.

These tools and others will form elements of the Ransomware Framework recommended by Action 3.1.1 of the Task Force’s Report. However, as described above, one need not wait for the Framework to be finalized to take action. In addition to the above described resources, organizations large and small can benefit from implementing GCA’s Cybersecurity Toolkit for Small Business, which includes several additional resources to help organizations improve their cyber hygiene. 

Since its earliest days, GCA has supported resources to enhance cyber hygiene, including resources that can help mitigate ransomware. Our work is but one part of the collective action required to stop ransomware’s exponential threat. Our partners, particularly other non-profits are also key components, including the Institute for Security and Technology‘s leadership and vision to bring the Ransomware Task Force together, Cyber Readiness Institute’s policy and response guidance, Cybercrime Support Network’s assistance to cybercrime victims, the Cyber Threat Alliance to share relevant information at scale, and our co-founder, CIS, to name but a few.

We look forward to working with members of the Task Force and other stakeholders to develop and implement additional measures to stem ransomware. We need action by the global community to counter this threat.

Let’s all do our part.