donate EXPLORE
donate

Ransomware Task Force (RTF)

Combating the Ransomware Threat with a Cross-Sector Approach

Since launch in April 2021, the Ransomware Task Force (RTF) unites key stakeholders across industry, government, and civil society to innovate new solutions, break down silos, and find effective new methods of countering the ransomware threat.

Ransomware is a prevalent and destructive type of cybercrime, with increasingly dangerous physical consequences. Hospitals, school districts, city governments, public infrastructure, and countless other organizations have found their networks and data held hostage by malicious actors seeking monetary gain. The RTF aims to equip businesses, organizations, and governments of all sizes to prepare for these attacks, effectively respond, and quickly recover.

The RTF hosted an online launch event on April 29th, 2021 with a powerhouse lineup of the experts that led the RTF process, and keynote remarks by the Honorable Alejandro N. Mayorkas, U.S. Secretary of Homeland Security.

On May 20 2022, the RTF hosted a one-year reflective, featuring keynote addresses by National Cyber Director Chris Inglis and Deputy Attorney General Lisa Monaco, fireside chat sessions with current and former CISA directors Jen Easterly and Chris Krebs; and showcase three focused panel discussions, positioning itself and its participating members for accelerated impact in 2022 and beyond.

The Ransomware Task Force Report

Combating Ransomware: A Comprehensive Framework for Action:
Key Recommendations from the Ransomware Task Force | April 2021

In April 2021, the Ransomware Task Force launched its seminal report, Combating Ransomware: A Comprehensive Framework for Action. The product of over 60 experts from industry, government, law enforcement, civil society, and international organizations, the report provided 48 specific recommendations and advocated for a unified, aggressive, comprehensive, public-private anti-ransomware campaign.

Explore the full RTF Report

The Blueprint for Ransomware Defense

The Blueprint for Ransomware Defense
An Action Plan for Ransomware Mitigation, Response, and Recovery for Small- and Medium-sized Enterprises | August 2022

The Ransomware Task Force called for the cybersecurity community to “develop a clear, actionable framework for ransomware mitigation, response, and recovery.” The basis for this Blueprint for Ransomware Defense is the CIS Controls, a set of well-regarded and widely-used best practices that help enterprises focus their resources on the critical actions needed to defend against the most common cyber attacks. It includes a subset of these best practices, or “Safeguards,” that are most relevant to combating ransomware.

Read the Blueprint for Ransomware Defense

Mapping the Ransomware Payment Ecosystem

Mapping the Ransomware Payment Ecosystem:
A Comprehensive Visualization of the Process and Participants | November 2022

The Institute for Security and Technology’s Ransomware Task Force (RTF) is working to further illuminate the ransomware payment ecosystem as part of our efforts to improve the information environment and blunt the ability for criminal and other malign actors to profit from ransomware attacks, and thereby stop engaging in ransomware for profit.

Central to mitigating the threat of ransomware is the development of a common understanding of the actors, stakeholders, processes, and information, both required for and produced during the ransomware payment process. Yet, when we began this work, such a picture did not exist. IST undertook this effort to fill that gap.

Read Mapping the Ransomware Payment Ecosystem

Progress Reports

As part of our ongoing mission to counter the ransomware threat, the Ransomware Task Force continually reflects on its original recommendations and monitors policy changes across industry and government. We engage with these findings openly, and work with our members to be agile in our ongoing recommendations.

Explore RTF Progress Reports

Cyber Incident Reporting Framework

A group led by Cyber Threat Alliance and the Institute for Security and Technology that includes CREST, CipherTrace, Coveware, Cybera, Cybercrime Support Network, Cyber Peace Institute, Open Cybersecurity Alliance, and SolarWinds came together to provide input regarding cyber incident reporting. They developed a set of model reporting formats the Cybersecurity and Infrastructure Security Agency (CISA) could use as the foundation for the reporting forms. The report contains 3 sections:

  1. Purpose, Expectations, and Definitions
  2. Principles
  3. Incident Reporting Fields

Read the proposed Cyber Incident Reporting Framework

Ongoing Lines of Effort

The work of the Ransomware Task Force continues to accelerate, with several discrete lines of effort continuing to build upon the findings of the RTF Report, synthesize the lessons learned and shared among our members and supporters, and adapt to the evolving ransomware threat itself. For 2022, the RTF continues work in the following areas:

  • Cyber Insurance Roundtable Series
  • Cryptocurrency Working Group
  • Blueprint for Ransomware Defense Working Group
  • Victim Notification Working Group
  • International Engagement Working Group

RTF Organization

Effectively combating ransomware requires the dedicated, prioritized attention of experts across industry and government. IST was honored to have the opportunity to convene and work with this groundbreaking coalition and interdisciplinary group of leaders on the Ransomware Task Force. 

The RTF consists of over 60 members from software companies, government agencies, cybersecurity vendors, financial services companies, nonprofits, and academic institutions working together on a comprehensive framework of actionable solutions. Their work synthesized best practices across sectors, identified solutions in all steps of the ransomware kill chain, targeted gaps in solution application, and engaged stakeholders across industries to coalesce around a diverse set of ideas and solutions.



RTF Working Group Co-Chairs

John Davis, Palo Alto Networks
Megan Stifel, IST
Michael Phillips, Resilience
Kemba Walden, Microsoft
Jen Ellis, Rapid7
Chris Painter, The Global Forum on Cyber Expertise Foundation
Michael Daniel, Cyber Threat Alliance
Philip Reiner, IST



RTF Steering Committee Members

Daniel Barriuso, Banco Santander
Raj De, Mayer Brown
Craig Froelich, Bank of America
Royal Hansen, Google
Amy Hogan-Burney, Microsoft
Sandra Joyce, Mandiant
Christopher Krebs, Krebs Stamos Group
Ciaran Martin, University of Oxford
Wendy Nather, Cisco
Jai Ramaswamy, Andreessen Horowitz


Members and Line of Effort Participants Are From

a16z
Amazon Web Services
Aspen Digital
Aviation ISAC
Banco Santander
Bank of America
Blackbaud
BlueVoyant
Center for Internet Security
CFC Underwriting
Chainalysis
CipherTrace
Cisco
Citrix
Coveware
CrowdStrike
CyberPeace Foundation
The CyberPeace Institute
Cybereason
Cyber Threat Alliance
Cybera
CyberArk
Cybersecurity Coalition
Datto
Deloitte
Ernst & Young
FireEye
Jefferson County, CO
K12 SIX

McAfee
Microsoft
National Governors Association
New York Department of Financial Services (NYDFS)
Palo Alto Networks
Rapid7
Recorded Future
Red Canary
Redacted
Resilience
Royal Canadian Mounted Police’s National Cybercrime Coordination Unit (NC3)
SecurityScorecard
The Shadowserver Foundation
Stratigos Security
Team Cymru
Third Way
University of Oxford Blavatnik School of Government
U.K. National Cyber Security Centre (NCSC)
U.K. National Crime Agency (NCA)
U.S. Cybersecurity and Infrastructure Security Agency (CISA)
U.S. Federal Bureau of Investigation (FBI)
U.S. Secret Service (USSS)
U.T. Austin Strauss Center

Announcements and Events

May 2022: Event – Combating Ransomware: A Year of Action

April 2022: IST Joins Cyber Civil Defense Initiative

February 2022: RTF Announces New Funding

April 2021: Launch Press Release

December 2020: Inaugural Press Release


Additional Resources

Emergency Cybersecurity and Ransomware Notice (March 12, 2021)