As ransomware continues to wreak havoc on organizations of all sizes, a new Ransomware Task Force (RTC) has been formed to combat the threat and has invited Datto to join as a founding member.
Organized by the Institute for Security and Technology (IST), the task force is comprised of a broad coalition of experts who aim to tackle the problem of ransomware on all fronts, from prevention to best practices for data protection.
As part of the RTC, Datto says it will play a key role in representing the managed-service provider (MSP) community by focusing on the interests of small and mid-sized businesses.
Datto’s leadership on the group is another testament to the company’s expertise on ransomware, data backups and disaster recovery.
Here’s what we know so far about the task force.
What is the Ransomware Task Force?
The Ransomware Task Force is a coalition of experts whose mission is to provide recommendations that will help to significantly reduce the threat and impact of ransomware.
The task force was announced in December 2020 by the Institute for Security and Technology. The group is comprised of individuals and organizations across multiple industries, including law enforcement, government, healthcare, nonprofits, cybersecurity and technology.
IST says the task force will conduct “a two-to-three month sprint” to identify a clear framework of actionable solutions for combatting ransomware.
Who’s on the task force?
In addition to Datto, the Ransomware Task Force’s founding members include experts from Microsoft, Palo Alto Networks, Red Canary, Citrix, FireEye, The Cybersecurity Coalition, McAfee, Ernst & Young and others.=
As of this writing, 33 organizations have joined the task force, which may continue to grow in the weeks ahead. The group’s co-chairs include John Davis of Palo Alto Networks, Megan Stifel of Global Cyber Alliance and Michael Phillips of Resilience. Its executive director is Philip Reiner of the Institute for Security and Technology.
What’s the plan?
The Ransomware Task Force has an ambitious goal of actually defeating ransomware.
Given the prevalence of attacks, which are carried out by a wide range of actors, including notorious hacker groups and nation states, it’s unlikely that ransomware will be wiped out entirely anytime soon. Still, the RTF has set out to vastly reduce the threat through every means possible.
The group states on its website that it will “synthesize best practices across sectors, identify solutions in all steps of the ransomware kill chain, identify gaps in solution application, and engage stakeholders across industries to coalesce a diverse set of ideas and solutions.”
What role will Datto play on the task force?
As a leader in data backup solutions, Datto is well poised to address both the risks of ransomware and solutions to help businesses quickly recover their data after an attack.
Datto is the sole channel-only company invited to join the task force, given that Datto’s products are sold exclusively through its MSP partners around the world. (In 2020, Datto surpassed 17,000 MSP partners.) By working directly with these IT providers, Datto is better equipped to understand the unique challenges facing its 1 million+ global users.
In a press release, Datto explained: “MSPs are on the frontlines of a cyber war, protecting both their own infrastructure and the IT systems of the SMB customers they serve from threats such as ransomware.”
As part of the task force, Datto says it will help educate and empower IT providers to make cyber resilience a top priority in 2021, identifying the tools and practices needed to mitigate the impact of ransomware and recover quickly from an attack.
Why now?
The Ransomware Task Force is being touted as a first-of-its-kind coalition for combatting ransomware.
So, why is this happening now?
In short: because ransomware is a serious problem. And it has only worsened during the COVID-19 pandemic.
- Attacks spiked by as much as 400% in the early months of the global health crisis, according to the FBI.
- In November, U.S. law enforcement agencies warned of imminent attacks against the healthcare system.
- Attacks became more targeted and ransom demands ballooned into the millions of dollars.
- In Germany, a patient died after being turned away from the nearest hospital after it was crippled by ransomware.
And yet, as long as businesses continue to pay the ransom and neglect the need for stronger cybersecurity, the problem only gets worse. Each successful attack and subsequent ransom payment embolden hackers and bankroll their efforts.
What does ransomware do, exactly?
If you’re new to ransomware, it’s important to understand just how destructive it can be.
Ransomware is a form of malware that encrypts files on your computer. The encryption renders the files useless, including the application data that powers your software and operating systems. So in essence, it bricks your computer. In a worst-case scenario, the infection spreads across a network to every computer and server it can access.
The hackers give you one option: pay a ransom (via cryptocurrency) to get the decryption key or risk losing your data forever. But paying the ransom is strongly discouraged by law enforcement. Doing so doesn’t guarantee your data will be restored, and it could expose you to future attacks.
Worst of all is the operational downtown caused by these attacks. With computer systems down, companies are unable to carry out their critical business functions. This can cause revenue losses, wasted wages for idle employees and reputational damage. Even a single hour of downtime can cost small businesses tens of thousands of dollars. Some companies never reopen their doors.
This is a huge problem. How will RTF solve it?
There has never been a single, one-size-fits-all solution for combatting ransomware. For businesses, only a multi-pronged strategy that focuses on prevention, employee education and recovery will work to mitigate the threat.
As such, a similar multipronged approach will be needed if we’re ever going to tackle ransomware on a universal scale. That’s where the task force comes in.
As Datto wrote in its press release, “Working in silos against these sophisticated attackers is no longer an option … Only by working together across industries and sectors can we hope to make progress against these threat actors.”
Since the task force is still in its infancy, there aren’t yet too many details on how exactly the group will defeat ransomware. But we can surmise based on who’s on the coalition how it might approach the problem.
Imagine, for example, if there was a single universal roadmap for organizations to follow that outlines the best practices for:
- Avoiding, blocking and/or removing ransomware
- Conducting employee training & disaster recovery planning
- Responding to infections
- Deploying the most effective backup systems
- Dealing with hackers, law enforcement, insurance companies and other outside parties
- Restoring infected systems back to normal with minimal interruption
By pushing out these consistent practices to a wide network of IT providers, law enforcement agencies and industries, the task force could absolutely make a dent in the ransomware world.
Remember that ransomware is a business model
Ransomware thrives on its ability to extort money from its victims. When businesses pay the ransom, no matter how minimal, it makes the attack profitable for all those involved.
But the opposite is also true. If businesses stop paying their attackers, ransomware will naturally fade away.
It’s important to remember that ransomware is fueled by an entire market, consisting of not only hackers, but also developers, sellers of DIY ransomware kits and others who are purely looking for financial gain. So the most effective way to curb attacks is to make it no longer profitable for hackers and others in the ransomware industry.
The role of data backup
Data backup has always been a critical layer of protection against ransomware. When an infection occurs, typically the fastest and best way to restore encrypted data is to recover it from a backup. By using a recovery point from before the attack occurred, businesses can restore systems back to normal and remove the infection at the same time.
Datto’s data backup systems take this protection a step further by featuring built-in ransomware detection. As backups are performed (which can be a near-continuous process on Datto’s systems, thanks to their high backup frequencies), the system scans the data for signs of ransomware. This gives admins a jump on removing ransomware at the first sign of an infection, before it spreads across the network.
Datto’s backup solutions also offer a wide range of recovery methods to help businesses restore their data after an attack. Its Rapid Rollback feature, for example, is specifically designed to address situations like ransomware. It allows organizations to quickly restore only the files that have undergone major unwanted changes (such as encryption), without the need to restore the entire system.
On the Ransomware Task Force, Datto will undoubtedly be able to share its insights on solutions and processes that are most effective against ransomware.
This isn’t the first time Datto has supported larger missions against cybercrime and other disasters. In 2017, Datto dispatched Disaster Response Teams to Texas to help businesses affected by Hurricane Harvey. More recently, Datto also offered a free scanner to help IT providers determine if their networks were compromised by the widespread SolarWinds hack. So we’re excited to see how the Ransomware Task Force takes shape in the weeks ahead.
Protect your business from ransomware
Learn more about protecting your organization from a ransomware attack with BC/DR solutions from Datto. Request a free demo or speak to our business continuity experts at Invenio IT today. Call (646) 395-1170 or email success@invenioIT.com.
