Led by the FBI and the US cybersecurity agency (CISA), a new US working group tasked with tackling ransomware has just published its roadmap. This coordination body, set up by a recent law, has just held its first meeting.
CISA’s Cybersecurity Advisory Committee is meeting right now. CISA cyber division chief Eric Goldstein said CISA and the FBI are launching the Joint Ransomware Task Force (required under the incident reporting legislation) tomorrow.
— Eric Geller (@ericgeller) September 13, 2022
In a press release published in mid-September, spotted by the Risky Biz News newsletter, the Joint Ransomware Task Force lists its four areas of work. The first is to prioritize actions aimed at hindering ransomware gangs. The document gives no details on this type of operation, which can take the form of legal investigations but also of operations to dismantle servers.
Offensive and defensive approach
The working group then plans to improve coordination between public and private players in the fight against ransomware. It will also work on updating a list of the most threatening actors. Finally, it will share and analyze information on emerging trends.
This amounts to both an offensive and a defensive approach to ransomware, one of the main computer security threats today. As specialist journalist Catalin Cimpanu points out, this roadmap should be welcomed by the cybersecurity community, “which has long called for a more proactive approach” to combat ransomware gangs.
Action against REvil
Beyond the ongoing criminal investigations, last year the Ministry of Justice had already launched another task force responsible for attacking the roots of the problem, for example by dismantling servers used for attacks. And in October 2021, with the help of partner nations, the FBI and Cyber Command had also been involved in hacking the REvil ransomware gang, the franchise that claimed responsibility for the attack on the company Kaseya.
Such offensive actions against cybercriminals are nothing new. Microsoft, for example, took control of a botnet, Zloader, last spring. But we can expect to see more and more of them, with results that must be put into perspective. Despite the action against REvil and arrests carried out a few months later in Russia, researchers noticed a return of the mafia franchise in the spring.