The nongovernmental Institute for Security and Technology received more than $800,000 in additional funding from its partners to support its Ransomware Task Force for a second year.
Craig Newmark Philanthropies contributed $450,000 and the Hewlett Foundation $350,000 to continue implementing the RTF’s recommendations around information sharing with federal agencies and cryptocurrencies. The RTF’s recommendation that the government establish a Cyber Response and Recovery Fund (CRRF) led to the Cybersecurity and Infrastructure Security Agency receiving $20 million in the federal infrastructure bill for that purpose.
RTF released an 81-page report in April detailing policies and actions for lessening the impact of pervasive extortion malware while strengthening enforcement when bad actors operate outside one’s jurisdiction, but ransomware attacks persist against institutions of all sizes.
“As the members of the RTF said at the time, piecemeal implementation of the report’s recommendations isn’t good enough; the implementation of as many of the recommendations as possible is what is needed in order to blunt the ransomware scourge,” an IST spokesperson told FedScoop on Friday. “Since the launch of the Ransomware Task Force report last spring, we have been executing a number of lines of effort to include focus areas on cryptocurrencies, cyber insurance, technical controls, information sharing, as well as other efforts that were called for in the report.”
Chainalysis, Microsoft, Palo Alto Networks, Rapid7, [redacted], Red Canary, Resilience Insurance, and SecurityScorecard also contributed funds for the RTF and continue to help with implementation of its recommendations.
Some of the RTF’s recommendations require legislation, like creating a victims recovery fund so that victims wouldn’t have to pay ransoms. Such a measure would need to accompany a federal ban on ransom payments, which would need to be phased in, RTF Co-chair Chris Painter told FedScoop in June. Federal agencies already don’t pay hacker ransoms.
While the RTF’s 60 multidisciplinary members failed to reach an agreement on a unilateral ban on ransom payments, they did recommend the government establish the CRRF to help cover the cost of restoring IT functionality for local governments, critical national functions and other entities.
“To enable more companies to bear the financial cost of remediation, national governments should create ‘cyber response and recovery funds,’” the RTF report reads.