U.S. Ransomware Task Force Explained

The U.S. Ransomware Task Force (RTF), also known as the Joint Ransomware Task Force, is an interagency body that leads the American government's efforts to address the threats of ransomware attacks. It is jointly headed by the Department of Homeland Security’s cyber arm, the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation.

Background

Before the establishment of the Ransomware Task Force, the U.S. had launched several initiatives that coordinated a series of defensive and offensive measures targeting ransomware. This came about after a string of high-profile attacks that highlighted America's vulnerability in the cybersecurity space.[1] An example was the U.S. State Department's Ransomware and Digital Extortion Task Force, which was established in April 2020. It was created to counter ransomware attacks and actors and recover ill-gotten gains.[2] A year later, the Justice Department created its own ransomware taskforce in response to the onset of cybersecurity breaches that made 2021 the worst year for ransomware attacks.[3]

History

In May 2020, Russian operators hacked the Colonial Pipeline and shut down the American East Coast's gasoline supply. The White House responded in July, and established the RTF.[4]

The creation of the RTF as an interagency body was ratified by the U.S. Congress in 2022. Under Section 106 of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the task force is mandated to serve as the central body that coordinates ongoing nationwide campaigns against ransomware attacks. It is also tasked to initiate international cooperation on a global scale. The task force is run as a cooperative team using the resources and authority of the Department of Justice, Department of Homeland Security, Department of State, and Department of Treasury.[5]

Initiatives

US government measures

In 2021, the RTF released a report, Combating Ransomware: A Comprehensive Framework for Action, that was drafted by a team of industry, law enforcement, and government experts.[6] It recommended that the White House should lead a whole-of-government, intelligence-driven anti-ransom campaign; and create a Ransomware Incident Response Network as well as a Ransomware Response and Recovery Fund to minimize ransomware threats. The report noted a lack of international coordination not just in mounting countermeasures but also in terms of enforcement due to the absence of regulatory frameworks and relevant regional laws.[7]

The RTF conducts defensive and offensive operations, which include reverse-hacking. In 2023 the taskforce successfully dismantled the Hive, an international ransomware network responsible for extorting hundreds of millions of dollars from victims both in the United States and abroad.[8] The RTF also conducts different initiatives to shore up cybersecurity capabilities in the private sector. It holds, for example, weekly summits for businesses to strengthen their digital defenses and prevent the use of anonymized cryptocurrency platforms as a means to pay ransom demands.[9] In the first half of 2022, the RTF reported a significant decline in ransomware attacks in the U.S.[10]

Private sector measures

The American private sector has launched initiatives to address cybersecurity. These include a ransomware task force launched by large information technology companies as well as non-profit organizations seeking to mitigate the incidence of ransomware risks not just in the U.S. but also around the world.[11] In pursuit of the 2023 U.S. National Cybersecurity Strategy, the RTF seeks stronger collaboration with the private sector through programs such as Quad Cyber Challenge. There is also an emphasis on reinforced intelligence dissemination efforts (e.g. CISA's ransomware-related cybersecurity advisories), increased law enforcement campaigns, and cybercrime sanctions, among others.[12]

See also

Notes and References

  1. https://www.politico.com/news/2021/07/14/white-house-ransomware-task-force-499723 White House announces Ransomware Task Force—and Hacking Back is One Option
  2. Ryan, Jake; Diorio, James; Crypto Decrypted: Debunking Myths, Understanding Breakthroughs, and Building Foundations for Digital Asset Investing; Hoboken, NJ: John Wiley & Sons; (2023); ISBN 978-1-394-17853-7; p 106
  3. Fung, Brian; Justice Department is launching a Ransomware Task Force; CNN;
  4. Suderman, Alan and Tucker, Eric; Major US pipeline halts Operations After Ransomware Attack; Associated Press; (2021-05-09)
  5. https://www.healthlawadvisor.com/u-s-department-of-justice-announces-interagency-task-force-to-combat-covid-19-relief-fraud U.S. Department of Justice announces Interagency Task Force to Combat COVID-19 Relief Fraud
  6. https://nsarchive.gwu.edu/themes/custom/nsarchive/templates/pdfjs/web/viewer.html?file=https%3A%2F%2Fnsarchive.gwu.edu%2Fsites%2Fdefault%2Ffiles%2Fdocuments%2F20706750%2F10-20210400-ist-ransomware-task-force-report.pdf Ransomware Task Force Report
  7. Girasa, Rosario; Scalabrini, Gino J; Regulation of Innovative Technologies: Blockchain, Artificial Intelligence, and Quantum Computing; Springer Nature; (2022); ISBN 978-3-031-03869-3; p. 43.
  8. USDOJ. (2023-01-26). U.S. Department of Justice Disrupts Hive Ransomware Variant : USDOJ
  9. Sganga, Nicole; White House launches Ransomware Task Force Amid Calls for Retaliation Against Russia; CBS; (2021-07-15)
  10. Pattison-Gordon. Report: U.S. Making Progress in Fight Against Ransomware; Government Technology; (2023-05-11)
  11. Ishikawa, Tomoko; Kryvoi, Yarik (2023-11-30). Public and Private Governance of Cybersecurity: Challenges and Potential. Cambridge: Cambridge University Press. ISBN 978-1-009-37453-8, p. 219
  12. Ransomware Task Force; (2023); The Ransomware Task Force: Gaining Ground; Security, and Technology; Auto-PDF-download