Microsoft Corp., Citrix Systems Inc. and McAfee Corp. are heading up a coalition of security firms, tech companies and nonprofits that aim to combine their expertise, resources and tools to combat the growing threat of ransomware attacks.

The Ransomware Task Force, announced Monday by the Institute of Security and Technology, and aims to provide companies and organizations with clear recommendations on what action they can take to mitigate the threat of ransomware that infects their computer systems.

IST says that ransomware is one of the most common forms of malware. It’s used by cyberattackers to lock people out of their computer systems and extort a payment in order to regain access to their documents and files. It can lead to dangerous consequences as people are prevented from accessing hospital, school and government networks. For example, in November the Baltimore County Public School system was forced to cancel classes for a day because of a ransomware attack.

Researchers say that ransomware is a growing problem. A recent report from Check Point Software Technologies Ltd. found that ransomware attacks increased by 50% in the third quarter of 2020 compared with the same period one year ago.

The attackers make big money too. Emisoft Ltd. said in a recent report the average ransomware demand in 2020 was about $84,000, and that about one-third of victims actually paid the ransom in order to regain access to their systems. Indeed, several high-profile companies have admitted to paying off attackers, including the University of Utah, which paid a reported $457,000, and the foreign currency exchange provider Travelex, which gave hackers $2.3 million in bitcoin to restore its network following an attack in December 2019.

Those who don’t choose to pay off their attackers usually turn to security experts for help, but IST says they often provide wildly different advice and solutions, many of which prove to be ineffective.

“The RTF’s founding members understand that ransomware is too large of a threat for any one entity to address, and have come together to provide clear recommendations for both public and private action that will significantly reduce the threat posed by this criminal enterprise,” IST said in a statement.

The RTF said it will commission expert papers on the topic, engage stakeholders across industries, identify gaps in current solutions and then work to create a common roadmap that will address all issues raised by its members.

Eventually, it hopes to come up with a standardized framework for dealing with ransomware attacks across verticals, based on industry consensus. The RTF aims to have its website, which will include full membership details and leadership roles, up and running in January.

Image: TheDigitalArtist/Pixabay