Palo Alto Networks Leads Efforts to Combat Ransomware

This post is also available in: 日本語 (Japanese)

Ransomware is one of society’s most pervasive threats, growing from a cybercrime nuisance to a critical risk to national and global security, economic stability, and public safety. The severity of this threat has been highlighted by recent events, including the shutdown of a major U.S. pipeline following an attack by one of the most prolific cyber extortion gangs.

Data from the Palo Alto Networks Unit 42 threat intelligence team demonstrates just how rapidly the cost of these attacks is growing: The average cyber ransom paid more than doubled last year to $312,493. So far in 2021, the average payment has nearly tripled again – to about $850,000. The highest demand our Unit 42 incident response team has seen this year was $50 million – up from $30 million in 2020.

Adversary tactics are also becoming increasingly egregious. Ransomware actors took advantage of the COVID-19 pandemic in 2020, preying on healthcare organizations and other critical sectors with brazen attacks on operations crucial for saving lives. They also upgraded their infrastructure and recruited heavily. Attacks are also targeting school districts, local governments, hospitals, manufacturing and critical infrastructure – like the pipeline operator.

To address the rise of ransomware, Palo Alto Networks recently joined more than 60 leaders from industry, academia, civil society and government in a coalition called the Ransomware Task Force (RTF). In addition to this whole-of-society effort, Palo Alto Networks is doing its part with technological solutions, developing products and services that can help thwart ransomware attacks. Existing and emerging security technologies can play a critical role in helping address the ransomware crisis.

I have served as one of the co-chairs of this group, which released the report “Combating Ransomware,” with practical and comprehensive recommendations to address the ransomware threat. Palo Alto Networks was also well represented across several of the RTF working groups to help develop the framework, including Adrian McCabe in the Disrupt group and Sam Rubin in Respond. Sean Morgan and I represented Palo Alto Networks in the Prepare group.

On May 5, I was honored to represent the RTF during a testimony to the U.S. House of Representatives Committee on Homeland Security. I pledged that our company will continue partnering with policymakers to support solutions that address ransomware, highlighting how critical robust public-private collaboration is to reverse the current trajectory.

After months of research and collaboration, the RTF report was unveiled during an event featuring U.S. Secretary of Homeland Security Alejandro Mayorkas. Leading experts highlighted the report’s four goals and five priority recommendations, which include:

Goals of the Combating Ransomware Report:

  1. Deter ransomware attacks through a nationally and internationally coordinated, comprehensive strategy.
  2. Disrupt the ransomware business model and decrease criminal profits.
  3. Help organizations prepare for ransomware attacks.
  4. Respond to ransomware attacks more effectively.

Recommendations From the Ransomware Task Force:

  1. Coordinated, international diplomatic and law enforcement efforts must proactively prioritize ransomware through a comprehensive, resourced strategy.
  2. The United States should lead by example and execute a sustained, aggressive, whole of government, intelligence-driven anti-ransomware campaign, coordinated by the White House.
  3. Governments should establish Cyber Response and Recovery Funds to support ransomware response and other cybersecurity activities.
  4. An internationally coordinated effort should be developed to provide a clear, accessible and broadly adopted framework to help organizations prepare for – and respond to – ransomware attacks.
  5. The cryptocurrency sector that enables ransomware crime should be more closely regulated to adhere to current laws.

While no single organization has all of the capabilities, resources or authority to address ransomware on their own, Palo Alto Networks is fully committed to doing our part to support this critical global effort. Learn more about our approach to ransomware protection.

John Davis is a retired U.S. Army Major General and vice president of public sector for Palo Alto Networks.