Singapore’s Counter Ransomware Task Force Report provides blueprint to counter ransomware effectively

20 December 2022

On 30 November 2022, Singapore’s Counter Ransomware Task Force (“CRTF”) released a report setting out its findings and recommendations which are intended as a blueprint to guide the Government and respective agencies’ efforts to secure Singapore from ransomware attacks.

Convened in January 2022, CRTF was chaired by the Commissioner of Cybersecurity and Chief Executive of the Cyber Security Agency of Singapore (“CSA”). CRTF’s membership comprises senior representatives from CSA, the Monetary Authority of Singapore, the Ministry of Home Affairs, the Singapore Police Force, the Ministry of Communications and Information, the Info-communications and Media Development Authority, the Ministry of Defence and the Government Technology Agency, with supporting representatives from the Attorney-General’s Chambers.

After meeting six times between January and September 2022, CRTF’s work culminated in three key outcomes:

• A consolidated understanding of the ransomware kill chain, upon which Government agencies can coordinate and develop counter-ransomware solutions;
• Recommendation on whether victims should pay ransom to ransomware actors; and
• Recommended policies, operational plans, and capabilities under four pillars of action that the Government should consider to counter ransomware effectively.

Recommended four pillars of action

To address the ransomware threat effectively, CRTF recommends that the Government focus on four pillars of action:

• Pillar 1: Strengthen defences of high-risk targets (such as Government agencies, critical information infrastructure, and businesses) to make it harder for ransomware attackers to launch successful attacks.
  • Organisations should implement risk-mitigation measures such as: (i) a sound credential management policy to prevent unauthorised access, (ii) network segregation and segmentation, (iii) a robust offline backup system, and (iv) a restoration plan to ensure that key assets can be recovered in the event of a ransomware attack.
  • For critical information infrastructure owners who operate essential services, CRTF reviewed the Cybersecurity Code of Practice (“CCOP”), which was recently revised in July 2022, and agreed that it provided adequate guidance for critical information infrastructure owners on the appropriate risk identification and mitigation measures. The CCOP will be regularly updated to ensure that it remains relevant.

• Pillar 2: Disrupt the ransomware business model to reduce the pay-off for ransomware attacks.
  • The Government strongly discourages the payment of ransoms and will continue to highlight the risks and implications of doing so. CRTF also recommends studying the implications of cyber insurance policies that include coverage of ransom payments on the ransomware industry, and the potential impact if such coverage is disallowed.
  • Tracing the illicit flows of assets paid in ransom (usually in cryptocurrency) more effectively to reduce the likelihood of ransomware attackers being able to abscond with ransom payments. One recommendation is to consider making it mandatory for organisations to report the payment of a ransom.

• Pillar 3: Support recovery so that victims of ransomware attacks do not feel pressured to pay the ransom, which fuels the ransomware industry.
  • Providing resources to victims to help recover from ransomware attacks such as a one-stop portal for organisations to access all ransomware-related resources, aimed at victims of ransomware attacks seeking recovery support.
  • Encouraging cyber insurance as a risk management practice.

• Pillar 4: Work with international partners to ensure a coordinated global approach to countering ransomware.
  • Exploring ways to expedite cross-border law enforcement collaboration on a bilateral or plurilateral basis, such as an international framework for information exchange and interdiction of ransom payments.
  • Continuing to work with international counterparts towards timely and consistent implementation of Financial Action Task Force (FATF) standards on combating money laundering and the financing of terrorism and proliferation.
  • Working with international partners to study the effects of insurance policies covering ransom payments on the ransomware industry.

The recommendations of CRTF will be taken up by the relevant Government agencies for further study and action.

Reference materials

The following materials are available on the CSA website www.csa.gov.sg:

• CSA press release: Inter-agency Counter Ransomware Task Force Releases Report - A Blueprint to Protect Singapore from Ransomware Attacks
• CRTF Report