The Counter-Ransomware Task Force (CRTF) set up by the Singapore government has come up with four major areas of action required to counter the menace of ransomware.
The CRTF was commissioned to convene government agencies across relevant domains, capabilities, and operational plans to strengthen Singapore’s counter-ransomware efforts.
Another objective of the task force was to put Singapore in a better position to push for international action against the global ransomware threat.
The CRTF comprises senior representatives from the Cyber Security Agency (CSA), Government Technology Agency (GovTech), Infocomm Media Development Authority (IMDA), Ministry of Communications and Information (MCI), Ministry of Defence, Ministry of Home Affairs, Monetary Authority of Singapore (MAS) and Singapore Police Force, as well as support from the Attorney General’s Chambers.
The CRTF’s findings and recommendations will serve as a blueprint to guide the government and respective agencies’ efforts to secure Singapore from ransomware attacks.
The first recommendation of the task force was to strengthen the defences of potential targets such as government agencies, critical information infrastructure (CII) and businesses to make it harder for ransomware attackers to launch attacks.
It recommended that organisations implement risk-mitigation measures including, among others, a strong credential management policy, a robust offline backup system, network segregation and segmentation, and a restoration plan to ensure key assets can be recovered in the event of an attack.
For CIIs, the task force felt that the Cybersecurity Code of Practice (CCOP), which was recently revised in July 2022, provided adequate guidance on the appropriate risk identification and mitigation measures.
Disrupt business model
The second recommendation was to disrupt the ransomware business model to reduce the pay-off for ransomware attacks.
The task force added that the government “strongly discourages the payment of ransoms and will continue to highlight the risks and implications of doing so”.
The CRTF also recommended studying the implications of cyber insurance policies that include coverage of ransom payments on the ransomware industry, and the potential impact if such coverage is disallowed.
The task force also said that there was a need to trace the illicit flows of assets paid in ransom (usually in cryptocurrency) more effectively to reduce the likelihood of ransomware attackers being able to abscond with ransom payments.
The task force added that the government should consider making it mandatory for organisations to report the payment of a ransom.
Such information was necessary for the government to be able to trace these illicit financial flows and claw back ransom payments, CRTF said.
The third recommendation was that the government set up a mechanism to support the recovery of victims of ransomware attacks so that they did not feel pressured to pay the ransom, which fuels the ransomware industry.
The task force said that this could be done by providing resources to victims to help them recover from attacks.
In this regard, the CRTF recommended the creation of a one-stop portal for organisations to access all ransomware-related resources.
The portal would provide links to resources, such as decryption keys and response checklists, that could assist in recovery efforts after a ransomware attack, CRTF said.
The task force encouraged the transformation of cyber insurance into a risk management practice, and encouraged the government to explore levers to increase the take-up rate of cyber insurance amongst organisations while the impact of covering ransom payments was being studied.
Working with international partners
The fourth recommendation of the task force was for government agencies to work with international partners to ensure a coordinated global approach to countering ransomware.
For this, the CRTF recommended three specific areas of focus.
One was law enforcement coordination to explore ways to expedite cross-border law enforcement.
The second was working with other governments on anti-money laundering measures and ensuring that regulatory gaps were addressed so that illicit ransom flows could be traced and the abuse of virtual assets stopped.
CRTF also recommended that the government work with international partners to discourage ransom payments.
It said that without international alignment on the insurance policies covering ransom payments, any attempt to discourage these within Singapore’s domestic market would be ineffective, as businesses could easily turn to insurance providers overseas to buy insurance policies.
Singapore’s Commissioner of Cybersecurity, Chief Executive of CSA and Chairman of the CRTF, David Koh, said ransomware was both a cross-border and cross-domain problem.
“Not only does it require us to work together and draw on our expertise in many domains, such as cybersecurity, law enforcement and financial supervision, but it also requires us to work with like-minded international partners to find common cause and identify solutions together. We urge organisations and individuals to do their part too so that we can strengthen our collective defence against the ransomware scourge,” Koh added.