Information Sharing in the Ransomware Payment Ecosystem: Exploring the Delta Between Best Practices and Existing Mechanisms
Zoë Brammer
SUMMARY
This report first describes in detail a ransomware attack scenario exercise conducted by IST’s RTF Payments Working Group. Next, it compares the results of this exercise with recent collaborative operations, including the Hive disruption operation, the Emotet botnet takedown, and the Colonial Pipeline ransom payment recovery. This report in turn outlines existing formal federal information sharing mechanisms in the United States, maps these mechanisms atop the ransomware payment ecosystem map, and identifies gaps that, if addressed, could clarify the information environment and help scale disruptive operations. Finally, this report delineates steps that the United States and its partner governments can take to bolster information sharing with the private sector to help scale existing best practices.
Thank you to the following contributors: David Aaron, Silas Cutler, Matt Georgy, James Gulak, Adam Hickey, Trevaughn Smith, Megan Stifel
download pdf