The Ransomware Task Force (RTF) is a multistakeholder effort with participation from across government, industry, and civil society. Together, the RTF aims to identify and advance recommendations to reduce the risk of ransomware. Days before the Colonial Pipeline attack in May 2021, the RTF published a cornerstone report offering 48 recommendations primarily directed at governments and industry to better combat ransomware.

Since the report’s release, the U.S. government and its partners have intensified disruption efforts, increased information sharing, and developed more comprehensive ransomware mitigation and recovery strategies. However, as of April 2025, our assessment is that 24 of our 48 recommendations have yet to see substantial progress. IST’s view is that the 48 original recommendations remain relevant and important to implement. These remaining 24 recommendations are more difficult to implement; in the United States, many would require legislative action.

The work of the Ransomware Task Force continues to accelerate, with several discrete lines of effort continuing to build upon the findings of the RTF Report, synthesize the lessons learned and shared among our members and supporters, and adapt to the evolving ransomware threat itself. For 2025, the RTF continues work in the following areas:

• International Engagement Working Group
• Brazil Ransomware Task Force
• Strategic Disruption
• Victim Notification
• State, Local, Tribal, and Territorial Cyber Resilience
• Cyber Insurance and Resilience

“Tackling ransomware will not be easy; there is no silver bullet for solving this challenge. Most ransomware criminals are based in nation-states that are unwilling or unable to prosecute this cybercrime, and because ransoms are paid through cryptocurrency, they are difficult to trace. This global challenge demands an “all hands on deck” approach, with support from the highest levels of government.”
—Combating Ransomware: A Comprehensive Framework for Action, April 2021

Latest from the Ransomware Task Force

Enhancing Cyber Resilience Through Insurance: Revisiting Anti-Bundling Regulation
Authors Sophia Mauro and Taylor Grossman make the case that cyber insurance has the strategic potential to go beyond consequence management, actually helping its insureds achieve better proactive, pre-incident cybersecurity. 
April 2025 | Report

Strengthening Brazil’s Cybersecurity: The Brazil Ransomware Task Force
In September 2024, IST Senior Director for International Cyber Engagement Elizabeth Vish and Future for Digital Security Associate Gigi Flores Bustamante attended the first convening of Brazil’s Ransomware Task Force, co-organized by the Ministry of Foreign Affairs of Brazil, the Organization of American States, and IST. Gigi shared her reflections on the conference and launching the first international wing of the RTF.
November 2024 | Blog

2023 RTF Global Ransomware Incident Map: Attacks Increase by 73%, Big Game Hunting Appears to Surge
According to the Ransomware Task Force’s fourth Global Ransomware Incident Map, ransomware attacks increased 73% in 2023. Using Ecrime.ch data, the map analyzes incidents across 117 countries originating from 66 ransomware groups.
September 2024 | Blog

Prepare, Don’t Pay: A Quick-Start Guide to Defending Against Ransomware
Written for the small business owner, this quick-start guide breaks down important components of the Blueprint for Ransomware Defense and its underlying core technical concepts, critical Safeguards and defensive measures, and explains how you can make the Blueprint work for your small- or medium-sized enterprise.
August 2024 | Blog

Meet the Ransomware Task Force Steering Committee
The Ransomware Task Force Steering Committee, composed of 12 individuals from the technology, financial services, legal, and academic sectors, meets biannually to identify strategic opportunities for engagement, provide guidance to help shape the Task Force’s outcomes and timelines, and recruit additional expertise and supporters to the effort. Together, this important group ensures that the RTF remains on top of the latest ransomware trends. 
June 2024 | Blog

24 in ’24: Doubling Down on the Ransomware Task Force Recommendations | Third Ransomware Task Force Anniversary Event
On April 24, the RTF gathered 43 speakers from across the cybersecurity ecosystem, with 5 panels focused on deterrence, disruption, preparation, response, and payments, 2 fireside chats, and 4 keynote speakers.
April 2024 | Event

Doubling Down: April 2024 Progress Report
While the U.S. government and its partners made great strides in combating ransomware this year, attacks have only increased. Of the 48 recommendations made in the Ransomware Task Force Report, our assessment remains unchanged from a year ago: only 24 have seen significant progress. 
April 2024 | Progress Report

Information Sharing in the Ransomware Payment Ecosystem: Exploring the Delta Between Best Practices and Existing Mechanisms
How important is information sharing in the fight against ransomware? This report draws from a recent attack scenario exercise performed by the RTF Payments working group, comparing our results to 3 successful disruption operations to identify gaps in the formal federal information sharing mechanisms in the United States.
April 2024 | Report

Congressional Testimony: Held for Ransom: How Ransomware Endangers Our Financial System
On April 16, 2024, Chief Strategy Officer and Ransomware Task Force Executive Director Megan Stifel testified before the House Committee on Financial Services Subcommittee on National Security, Illicit Finance, and International Financial Institutions for a hearing entitled, “Held for Ransom: How Ransomware Endangers Our Financial System.”
April 2024 | Congressional Testimony

Roadmap to Potential Prohibition of Ransomware Payments
On April 10, 2024, as the debate on ransomware payment bans continues, Ransomware Task Force co-chairs released their Roadmap to Potential Prohibition of Ransomware Payments – 16 steps that could reduce the need for a ban or facilitate effective eventual imposition of a ban.
April 2024 | Memo

Ransomware Roundup: Popup Webinar
On Monday, April 15, adjunct advisors and members of the Ransomware Task Force Jen Ellis, Allan Liska, Jason Kikta, Marc Rogers, and Silas Cutler hosted a popup webinar on the latest in ransomware news.
April 2024 | Webinar

Public Private Partnerships to Combat Ransomware: An Inquiry Into Three Case Studies and Best Practices
This research report examines three existing public-private partnerships to combat ransomware: Europol’s European Cybercrime Centre (EC3), the United States Joint Cyber Defense Collaborative (JCDC), and the Institute for Security and Technology’s Ransomware Task Force (RTF). Through research and interviews with stakeholders, the report aims to determine the characteristics of collaboration that make the partnership model successful in mitigating ransomware, as well as identifying the various challenges each faces. IST conducted this research in collaboration with the Global Forum on Cyber Expertise (GFCE), with funding from the governments of the United States and Spain, and in support of the International Counter Ransomware Initiative.
March 2024 | Report

Key Ransomware Task Force Publications

Combating Ransomware: A Comprehensive Framework for Action
In April 2021, the Ransomware Task Force launched its seminal report, Combating Ransomware: A Comprehensive Framework for Action. The product of over 60 experts from industry, government, law enforcement, civil society, and international organizations, this report provides 48 specific recommendations and advocates for a unified, aggressive, comprehensive, public-private anti-ransomware campaign.
April 2021 | Report

Blueprint for Ransomware Defense: An Action Plan for Ransomware Mitigation, Response, and Recovery for Small- and Medium-Sized Enterprises
The Ransomware Task Force called for the cybersecurity community to “develop a clear, actionable framework for ransomware mitigation, response, and recovery.” The basis for this Blueprint for Ransomware Defense is the CIS Controls, a set of well-regarded and widely-used best practices that help enterprises focus their resources on the critical actions needed to defend against the most common cyber attacks. It includes a subset of these best practices, or “Safeguards,” that are most relevant to combating ransomware.
August 2022 | Report

Mapping the Ransomware Payment Ecosystem: A Comprehensive Visualization of the Process and Participants
Mapping the Ransomware Payment Ecosystem, released in Fall 2022, develops a common understanding of the actors, stakeholders, processes, and information, both required for and produced during the ransomware payment process.
November 2022 | Report

Mapping Threat Actor Behavior in the Ransomware Payment Ecosystem: A Mini-Pilot
This mini-pilot overlays actual threat actor behavior on the original ransomware payment ecosystem map. It seeks to identify which kinds of disruption could be the most effective and where to apply them in the payment process.
May 2023 | Report

Cyber Incident Reporting Framework
A group led by Cyber Threat Alliance and the Institute for Security and Technology that includes CREST, CipherTrace, Coveware, Cybera, Cybercrime Support Network, Cyber Peace Institute, Open Cybersecurity Alliance, and SolarWinds came together to provide input regarding cyber incident reporting. They developed a set of model reporting formats the Cybersecurity and Infrastructure Security Agency (CISA) could use as the foundation for the reporting forms.
November 2022 | Report

Cyber Incident Reporting Framework: Global Edition
A group led by the Cyber Threat Alliance and the Institute for Security and Technology released the Cyber Incident Reporting Framework: Global Edition. The framework answers questions about what conditions should be in place to make a reporting mandate effective and harmonizes suggested definitions with existing global regulations.
March 2023 | Report

Progress Reports
As part of our ongoing mission to counter the ransomware threat, the Ransomware Task Force continually reflects on its original recommendations and monitors policy changes across industry and government. We engage with these findings openly, and work with our members to be agile in our ongoing recommendations.
April 2022, April 2023, and April 2024 | Progress Reports

Ransomware Task Force Organization

Effectively combating ransomware requires the dedicated, prioritized attention of experts across industry and government. IST was honored to have the opportunity to convene and work with this groundbreaking coalition and interdisciplinary group of leaders on the Ransomware Task Force. 

The RTF consists of over 60 members from software companies, government agencies, cybersecurity vendors, financial services companies, nonprofits, and academic institutions working together on a comprehensive framework of actionable solutions. Their work synthesized best practices across sectors, identified solutions in all steps of the ransomware kill chain, targeted gaps in solution application, and engaged stakeholders across industries to coalesce around a diverse set of ideas and solutions.

The Ransomware Task Force (RTF) Steering Committee consists of senior stakeholders and experts that approach the RTF from an objective, ecosystem-wide perspective to help drive outcomes and ensure the effectiveness of ongoing work. The Steering Committee provides high-level support, guidance, and oversight of RTF progress and ensures that lines of effort are impactful, efficient, and in line with existing work. 

Ransomware Task Force Steering Committee

Heather Adkins

Google

Omesh Agam

Chainalysis

Raj De

Mayer Brown

Kristopher Fador

Bank of America

Amy Hogan-Burney

Microsoft

Sandra Joyce

Google Cloud

Michael Lashlee

Mastercard

Ciaran Martin

University of Oxford

Wendy Nather

1Password

Jai Ramaswamy

Andreessen Horowitz

Fernando Ruiz Pérez

Banco Santander

The Ransomware Task Force Co-Chairs are leaders, experts, and conveners in the cybersecurity space. Focusing on distinct lines of effort, they have been an integral part of the RTF’s efforts since 2021 and continue to play a crucial role in Ransomware Task Force implementation and impact.

Ransomware Task Force Co-Chairs

Megan Stifel

Institute for Security and Technology

Michael Daniel

Cyber Threat Alliance

John Davis

Palo Alto Networks

Jen Ellis

NextJenSecurity

Chris Painter

Global Forum on Cyber Expertise

Michael Phillips

CFC

Philip Reiner

Institute for Security and Technology

Kemba Walden

Paladin Global Institute

The Institute for Security and Technology continues to lead the work of the Ransomware Task Force. Members of the IST Ransomware Task Force Team guide working groups, conduct research, and advance RTF lines of effort.

IST Ransomware Task Force Team

Philip Reiner

Chief Executive Officer

Megan Stifel

Chief Strategy Officer

Gigi Flores Bustamante

Senior Associate for Future of Digital Security

Taylor Grossman

Director for Digital Security

Michael Klein

Senior Director for Preparedness and Response

Nicholas Leiserson

Senior Vice President for Policy

Elizabeth Vish

Senior Director for International Cyber Engagement

Ransomware Task Force Events

24 in ’24: Doubling Down on Ransomware Task Force Recommendations

April 24, 2024
The Ransomware Task Force’s annual convening returned this year for 24 in ‘24: Doubling Down on the Ransomware Task Force Recommendations. As of May 2023, 50% of the Ransomware Task Force’s original 48 recommendations have seen significant progress–but what about the other 24? On April 24, we zeroed in on those 24 and discussed how we might redouble our efforts.

Ransomware Task Force: Gaining Ground

May 5, 2023
Ransomware remains a dire threat to businesses, schools, hospitals, individuals, and nations alike. Two years after publishing its groundbreaking report with recommendations to combat the threat of ransomware, the Ransomware Task Force is more active and more prolific than ever, deepening engagement in lines of effort and finding new ways to tackle the problem. On May 5, 2023, we hosted a day of reflections on the current status of the ransomware threat, the Ransomware Task Force’s efforts, and what’s to come. 

Combating Ransomware: A Year of Action

May 22, 2022
Over the course of 2021, ransomware attacks continued to plague institutions of all sizes—but thanks in part to the timely and comprehensive recommendations of the Ransomware Task Force, governments were more engaged and organizations are more focused on equipping themselves with the tools and policies needed to counter this threat. As the RTF completed its first year of impact, we hosted a day of reflections, predictions, and connections on how we can continue to combat ransomware in 2022 and beyond.

Original RTF Members and Line of Effort Participants