. . . letters of marque and reprisal?

These are not useful if you do not know whom to target. The biggest problem is crapto, as it still allows money-laundering of pretty large sums. Obviously, these capabilities get used by others as well, and hence crapto is still nowhere near regulated and monitored as conventional money transfers are. And hence the ransomware campaigns continue and, besides a few really stupid operators, we have no clue who is behind them.

The other problem is, obviously, people operating important IT systems with grossly in

Trump's boss won't allow him

"the report suggests defenders should focus less on tracking specific groups and more on stopping common tactics like credential theft, remote access abuse, and large-scale data exfiltration."

Both!

They're not mutually exclusive.

Or, as I've been saying for many years, we could outlaw paying ransoms. Do that and the whole ransomware ecosystem would shrivel up. The only reason it exists is that people keep paying ransoms. If we'd done it 15 years ago, the amount of harm that would have been avoided would be vast.

It also is the only solution that has any chance of success. As long as there's money to be made, attackers will keep finding ways to extort people.