Clare O’Neil, the Australian cybersecurity minister, plans to announce in coming days that a global task force to counter ransomware will become operational next month, the latest step in a global effort that began in Washington to fight back against the growing number of cyberattacks, a senior Biden administration official told CyberScoop.
As first announced during a recent summit in Washington, Australia will lead the International Counter Ransomware Task Force, which includes the U.S. and its allies, in an effort to foster greater international information sharing and exchanging capabilities to battling the global ransomware problem.
Australia is taking the lead “because they’ve had some very major ransomware attacks,” the senior administration official told CyberScoop. “They recognize that the network is global [and] the people are global so to take it on really requires global operational partnerships.”
Indeed, Australia has been hit with numerous high-profile ransomware attacks over the past year, including one that targeted one its largest private health insurers. Countries worldwide will be invited to join the ransomware task force, which will focus on resilience, disruption and efforts to counter illicit financial activities globally, according to the senior administration official.
The task force is the latest component of the Biden National Security Council’s attempts to deter ransomware actors and falls under the umbrella of the larger Counter Ransomware Initiative, a partnership that includes 36 countries and the European Union.
The administration has issued a series of sanctions against ransomware actors, cryptocurrency exchanges and mixers, moves that attempt to disrupt the financial infrastructure ransomware actors rely on to carry out and profit from attacks.
Prosecutors at the Justice Department have seized cryptocurrency balances alleged to have been obtained via ransomware schemes and together with law enforcement partners around the world have arrested several members of prominent ransomware gangs and issued rewards for the arrest of others.
Russian and U.S. law enforcement officials have even cooperated to bring some ransomware actors into custody — before the Russian invasion of Ukraine put relations between Washington and Moscow into deep freeze.
Tackling the ransomware phenomenon became an urgent priority for the Biden administration after a string of such attacks last year disrupted critical infrastructure in the United States. In May of 2021, a ransomware attack on Colonial Pipeline disrupted gasoline supplies to the Eastern Seaboard. A month later, a ransomware attack on the meatpacker JBS USA threatened to disrupt food supplies.
Beyond critical infrastructure, ransomware remains a major scourge across the world, disrupting hospital operations, schools, and, recently, the work of the Guardian newspaper.
Despite the Biden administration’s efforts to crack down, ransomware activity remains immensely lucrative. The average ransom demand in cases worked by Palo Altos’ Unit 42 security group in 2021 was more than $500,000. In 2021 alone, U.S. banks flagged $1.2 billion transactions as possible ransomware payments — a figure that likely represents an undercount of total global ransomware payments.
Global counter-ransomware task force to become active in January – CyberScoop