The Biden administration will soon release a plan to combat ransomware, according to U.S. Department of Homeland Security Secretary Alejandro Mayorkas.

“To have a long-term impact, we need a whole-of-government approach, paired with domestic and international partnerships,” Mayorkas said, speaking at the Ransomware Task Force’s virtual event today, during which he called ransomware a “threat to our national security.” Earlier, the group, whose members span law enforcement, academic, cloud providers, and cybersecurity vendors, issued an 81-page report that includes 48 recommendations to combat ransomware, which it says is a $350 million industry.

“Last week the Department of Justice created its own internal ransomware task force, and the White House is developing a plan, dedicated to tackling this problem,” Mayorkas continued. “The task force’s report provides a vision for what we can do to better address this urgent problem. DHS looks forward to working closely with the task force to turn its recommendations into action."

Amazon Web Services, Cisco, Palo Alto Networks, and Microsoft, along with the FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA) are among 60 organizations that comprise the Ransomware Task Force (RTC).

The group originally formed in December under the leadership of the Institute for Security and Technology (IST). At the time it included member companies Citrix, Cybereason, McAfee, Microsoft, Rapid7, and SecurityScorecard, along with the Cyber Threat Alliance and Global Cyber Alliance.

The task force has grown significantly since then — but so has the threat posed by ransomware.

Last year about 2,400 U.S.-based governments, healthcare facilities, and schools were victims of ransomware, according to the RTC report. And while 2020 broke records both in terms of ransom amounts paid to cyber criminals and ransoms demanded, 2021 already blew past those earlier records when a Russian-backed ransomware gang demanded Apple pay $50 million to “buy back” its Apple Watch and MacBook Pro blueprints.

In fact, the average ransom payment shot up 43% to $220,298 in the first quarter of 2021, compared to the fourth quarter of last year, according to Coveware’s latest research.

“The Ransomware Task Force report is not meant to belittle any of that good work” that other government agencies and industry associations have recommended, “but to stand on the shoulders of the best efforts, validate and clarify the best of the best to make them more easily accessible to help apply a more coordinated and strategic approach, and to highlight some innovative ideas that we think can make a real difference in reducing the risks associated with ransomware,” said RTF co-chair John Davis, VP of public sector at Palo Alto Networks and a retired U.S. Army major general.

To that end the group issued 48 recommendations that it says will disrupt the ransomware business model and mitigate the impact of these attacks.

Among these, the RTF calls on the White House to coordinate an anti-ransomware campaign that includes an interagency working group led by the NSA as well as an internal government joint ransomware task force that collaborates with the private-sector group.

The report also recommends a government-run cyber response and recovery fund to support ransomware response and other cybersecurity activities. Additionally, it recommends that the government mandate that organizations report ransom payments.

Ransomware gangs like Bitcoin in particular, said RTF Co-Chair Kemba Walden, who is also assistant general counsel for Microsoft’s Digital Crimes Unit. “And so we figure there must be a way to reduce profitability, making it difficult for them to retain profit through Bitcoin.”

In working with cryptocurrency exchanges, the task force found that “they don’t want illicit activity on their platforms as much as we don’t want this activity to profit,” Walden added. “So, there are ways that we can collaborate better with the on and off ramps to make sure that they know their customers and the transaction and are able to trace those transactions and lead to effective disruption.”