Ransomware Task Force focuses on improving protection against ransomware intrusions, disrupting hackers

The U.S. Cybersecurity and Infrastructure Agency (CISA) and the Federal Bureau of Investigation (FBI) co-chaired an initial meeting of the Joint Ransomware Task Force (JRTF) last week. The initiative will bring together existing efforts and identify new initiatives to effectively leverage the unique authorities and capabilities across the government and the private sector, including actions to protect against ransomware intrusions more effectively and to disrupt ransomware hackers.

The JRTF is an interagency body established by Congress that seeks to unify and strengthen efforts against the ongoing threat of ransomware, with the aim of improving coordination and making measurable progress in addressing the ransomware threat. 

Some of the activities that will be coordinated by the JRTF include prioritization of operations to disrupt specific ransomware actors, and facilitating coordination and collaboration between federal entities and relevant private sector and State, Local, Tribal, and Territorial (SLTT) entities. 

The move works towards improving federal actions against ransomware threats, including efforts to increase adoption of defensive measures to reduce the prevalence of successful ransomware intrusions. Additionally, the agencies look to identify a list of highest threat ransomware entities updated on an ongoing basis; and collect, share, and analyze ransomware trends.

“Significantly reducing the prevalence and impact of ransomware intrusions requires deep collaboration and coordination across the public and private sectors,” Eric Goldstein, executive assistant director for cybersecurity at CISA and co-chair of the JRTF, said in a readout statement. “With our close partners at the FBI and other government agencies and benefiting from the expertise and capabilities of the private sector, this task force will take the necessary steps to synchronize our efforts and implement actions that can help lead to a future where ransomware no longer afflicts American organizations.”

“The FBI’s commitment to combating the ransomware threat has never wavered and continues to be a top focus,” Bryan Vorndran, assistant director of cyber division at FBI and co-chair of the JRTF, said. “The Joint Ransomware Task Force signifies the FBI’s continuance to ensure safety, security, and confidence in a digitally connected world, and we’re looking forward to coordinating the threat with a whole-of-government approach.”

Industrial cybersecurity company Dragos disclosed last month a drop in industrial ransomware incidents for the year’s second quarter, as ransomware groups continued to target industrial organizations and infrastructures, disrupting operational technology (OT) operations. The fall is likely to have come as a result of the closure of the Conti hacker group which led to most of the ransomware attacks in the previous two quarters.

While the number of reported ransomware incidents is slightly less than the numbers reported by Dragos in the last quarter, “the impact of those attacks remains significant to the targeted industrial organizations, dependent sectors, and their subsidiaries.”

Last week, the CISA held its fourth Cybersecurity Advisory Committee meeting, with members providing updates to the agency on the work carried out by the subcommittees. Apart from this, two of the seven subcommittees – Protecting Critical Infrastructure from Mis- Dis- and Mal (MDM) information and Building Resilience and Reducing Systemic Risk to Critical Infrastructure – provided new recommendations to the CISA director.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.