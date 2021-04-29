“There is no silver bullet, but if we’re going to shift the trajectory of this type of attack the U.S. government has got to get at this with some speed,” said task force co-chair Philip Reiner, executive director of the nonprofit Institute for Security and Technology.

Ransomware developers and their affiliates should be named and shamed (they are not always easy to identify) and regimes that enable them punished with sanctions, the report urges.

It calls for mandatory disclosure of ransom payments and a federal “response fund” to provide financial assistance to victims — in hopes that, in many cases, it will prevent them from paying ransoms. And it wants stricter regulation of cryptocurrency markets to make it more difficult for criminals to launder ransomware proceeds.

The task force also calls for something potentially controversial: amending the U.S. Computer Fraud and Abuse Act to let private industry actively block or limit online criminal activity, including of botnets, the networks of hijacked zombie computers that ransomware criminals use to sow infections.

The odds of successfully stifling ransomware are high, the report’s authors acknowledge: “The old adage that a cybercriminal only has to be lucky once, while a defender has to be lucky every minute of every day, has never been more true.”

