Sign Up for Our Newsletter
Donate

Ransomware Task Force (RTF)

Combating the ransomware threat with a cross-sector approach

The Ransomware Task Force (RTF) is a multistakeholder effort with participation from across government, industry, and civil society. Together, the RTF aims to identify and advance recommendations to reduce the risk of ransomware. Days before the Colonial Pipeline attack in May 2021, the RTF published a cornerstone report offering 48 recommendations primarily directed at governments and industry to better combat ransomware.

Since the report’s release, the U.S. government and its partners have intensified disruption efforts, increased information sharing, and developed more comprehensive ransomware mitigation and recovery strategies. However, as of April 2025, our assessment is that 24 of our 48 recommendations have yet to see substantial progress. IST’s view is that the 48 original recommendations remain relevant and important to implement. These remaining 24 recommendations are more difficult to implement; in the United States, many would require legislative action.

The work of the Ransomware Task Force continues to accelerate, with several discrete lines of effort continuing to build upon the findings of the RTF Report, synthesize the lessons learned and shared among our members and supporters, and adapt to the evolving ransomware threat itself. For 2025, the RTF continues work in the following areas:

  • International Engagement Working Group
  • Brazil Ransomware Task Force
  • Strategic Disruption
  • Victim Notification
  • State, Local, Tribal, and Territorial (SLTT) Cybersecurity Initiative
  • Cyber Insurance and Resilience

"Tackling ransomware will not be easy; there is no silver bullet for solving this challenge. Most ransomware criminals are based in nation-states that are unwilling or unable to prosecute this cybercrime, and because ransoms are paid through cryptocurrency, they are difficult to trace. This global challenge demands an “all hands on deck” approach, with support from the highest levels of government."

Combating Ransomware: A Comprehensive Framework for Action, April 2021

Blueprint for Ransomware Defense

An action plan for ransomware mitigation, response, and recovery for small- and medium-sized enterprises, available in English, Spanish, French, and Portuguese.

See more

Combating Ransomware: A Comprehensive Framework for Action

A comprehensive framework that breaks down siloed approaches and advocates for a unified, aggressive, comprehensive, public-private anti-ransomware campaign.
See more

Featured Content

Recent Content

Governance and Cyber Risk for SMEs: Remapping the Blueprint for Ransomware Defense

Blog

Governance and Cyber Risk for SMEs: Remapping the Blueprint for Ransomware Defense

In 2022, the Ransomware Task Force developed the Blueprint for Ransomware Defense to provide SMEs with an actionable framework to defend against the most common attacks, aligning with NIST’s Cybersecurity Framework 1.0. Today, IST releases the Blueprint remapped to the NIST Cybersecurity Framework 2.0, incorporating a new core function and updating key considerations for the most vulnerable SMEs.
blueprint, cybersecurity, defense, governance, Ransomware, SMEs, Take9
November 6, 2025
Q&A: On Disrupting the Ransomware Ecosystem

Blog

Q&A: On Disrupting the Ransomware Ecosystem

What is a tabletop exercise, or TTX? How can TTXs be deployed in the ransomware context? In the latest edition of The TechnologIST, IST's Sophia Mauro sits down with Director for Digital Security Taylor Grossman to learn more about a recent TTX and IST's efforts to support disruption of the ransomware ecosystem.
blockchain, cryptocurrency, cyber, cybersecurity, disruption, Ransomware, TTX
October 21, 2025
Building Cyber Resilience: International Counter Ransomware Initiative Endorses Blueprint for Ransomware Defense

Blog

Building Cyber Resilience: International Counter Ransomware Initiative Endorses Blueprint for Ransomware Defense

As the world’s largest international cyber partnership, the International Counter Ransomware Initiative (CRI) brings together over 74 member states and organizations to build international resilience to the global problem of ransomware. Ahead of its fifth gathering, IST is pleased to announce the CRI’s has endorsed the Ransomware Task Force’s Blueprint for Ransomware Defense.
announcement, Blueprint for Ransomware Defense, counter ransomware initiative, Ransomware, RTF
October 21, 2025
What Cyber Policy Needs Next: Through the Looking Glass of the Ransomware Task Force – Megan Stifel at CyberNextDC

Blog

What Cyber Policy Needs Next: Through the Looking Glass of the Ransomware Task Force – Megan Stifel at CyberNextDC

Megan Stifel delivered keynote remarks at CyberNextDC on October 8, 2025 to view cyber policy 'through the looking glass.' "I think the White House, and Director Cairncross in particular, have a unique opportunity in their forthcoming strategy to let the good flourish, push the bureaucracy to overcome the bad, and lead the country to tackle the ugly," she said.
critical infrastructure, cyber, international collaboration, national security, policy, Ransomware, Salt Typhoon, secure-by-design
October 8, 2025
Nick Leiserson and Michael Klein: Urgent Changes Needed to Update the E-Rate Program

In the News, Op-ed

Nick Leiserson and Michael Klein: Urgent Changes Needed to Update the E-Rate Program

For Broadband Breakfast, IST Senior VP for Policy Nicholas Leiserson and Senior Director for Preparedness and Response Michael Klein make the case for expanding the FCC’s E-Rate program to bolster the cybersecurity resilience of K-12 schools.
cybersecurity, E-Rate, K-12 Education, Ransomware, Universal Service Fund
October 1, 2025

Ransomware Task Force Steering Committee

The Ransomware Task Force (RTF) Steering Committee consists of senior stakeholders and experts that approach the RTF from an objective, ecosystem-wide perspective to help drive outcomes and ensure the effectiveness of ongoing work. The Steering Committee provides high-level support, guidance, and oversight of RTF progress and ensures that lines of effort are impactful, efficient, and in line with existing work. 

Omesh Agam

Chainalysis

Heather Adkins

Google

Raj De

Mayer Brown

Kristopher Fador

Bank of America

Sandra Joyce

Google Cloud

Michael Lashlee

Mastercard

Wendy Nather

1Password

Ciaran Martin

University of Oxford

Steven Masada

Microsoft

Jai Ramaswamy

Andreessen Horowitz

Fernando Ruiz Pérez

Banco Santander

Ransomware Task Force Co-Chairs

The Ransomware Task Force Co-Chairs are leaders, experts, and conveners in the cybersecurity space. Focusing on distinct lines of effort, they have been an integral part of the RTF’s efforts since 2021 and continue to play a crucial role in Ransomware Task Force implementation and impact.

Kemba Walden

Paladin Global Institute

Jen Ellis

NextJenSecurity

Megan Stifel

Institute for Security and Technology

Michael Daniel

Cyber Threat Alliance

Chris Painter

The Cyber Policy Group

Philip Reiner

Institute for Security and Technology

Michael Phillips

Coalition

John Davis

Palo Alto Networks

Ransomware Task Force Team

Philip Reiner

Chief Executive Officer

Megan Stifel

Chief Strategy Officer

Gigi Flores Bustamante

Senior Associate for Future of Digital Security

Taylor Grossman

Director for Digital Security

Michael Klein

Senior Director for Preparedness and Response

Nicholas Leiserson

Senior Vice President for Policy

Elizabeth Vish

Senior Director for International Cyber Engagement

Original RTF Members and Line of Effort Participants

a16z
Amazon Web Services
Aspen Digital
Aviation ISAC
Banco Santander
Bank of America
Blackbaud
BlueVoyant
Center for Internet Security
CFC Underwriting
Chainalysis
CipherTrace
Cisco
Citrix
Coveware
CrowdStrike
CyberPeace Foundation
The CyberPeace Institute
Cybereason
Cyber Threat Alliance
Cybera
CyberArk
Cybersecurity Coalition
Datto
Deloitte
Ernst & Young
FireEye

Jefferson County, CO
K12 SIX
McAfee
Microsoft
National Governors Association
New York Department of Financial Services (NYDFS)
Palo Alto Networks
Rapid7
Recorded Future
Red Canary
Redacted
Resilience
Royal Canadian Mounted Police’s National Cybercrime Coordination Unit (NC3)
SecurityScorecard
The Shadowserver Foundation
Stratigos Security
Team Cymru
Third Way
University of Oxford Blavatnik School of Government
U.K. National Cyber Security Centre (NCSC)
U.K. National Crime Agency (NCA)
U.S. Cybersecurity and Infrastructure Security Agency (CISA)
U.S. Federal Bureau of Investigation (FBI)
U.S. Secret Service (USSS)
U.T. Austin Strauss Center

Search all Ransomware Task Force content

Search
Filters

Governance and Cyber Risk for SMEs: Remapping the Blueprint for Ransomware Defense

Blog

Governance and Cyber Risk for SMEs: Remapping the Blueprint for Ransomware Defense

In 2022, the Ransomware Task Force developed the Blueprint for Ransomware Defense to provide SMEs with an actionable framework to defend against the most common attacks, aligning with NIST’s Cybersecurity Framework 1.0. Today, IST releases the Blueprint remapped to the NIST Cybersecurity Framework 2.0, incorporating a new core function and updating key considerations for the most vulnerable SMEs.
blueprint, cybersecurity, defense, governance, Ransomware, SMEs, Take9
November 6, 2025
Q&A: On Disrupting the Ransomware Ecosystem

Blog

Q&A: On Disrupting the Ransomware Ecosystem

What is a tabletop exercise, or TTX? How can TTXs be deployed in the ransomware context? In the latest edition of The TechnologIST, IST's Sophia Mauro sits down with Director for Digital Security Taylor Grossman to learn more about a recent TTX and IST's efforts to support disruption of the ransomware ecosystem.
blockchain, cryptocurrency, cyber, cybersecurity, disruption, Ransomware, TTX
October 21, 2025
Building Cyber Resilience: International Counter Ransomware Initiative Endorses Blueprint for Ransomware Defense

Blog

Building Cyber Resilience: International Counter Ransomware Initiative Endorses Blueprint for Ransomware Defense

As the world’s largest international cyber partnership, the International Counter Ransomware Initiative (CRI) brings together over 74 member states and organizations to build international resilience to the global problem of ransomware. Ahead of its fifth gathering, IST is pleased to announce the CRI’s has endorsed the Ransomware Task Force’s Blueprint for Ransomware Defense.
announcement, Blueprint for Ransomware Defense, counter ransomware initiative, Ransomware, RTF
October 21, 2025
What Cyber Policy Needs Next: Through the Looking Glass of the Ransomware Task Force – Megan Stifel at CyberNextDC

Blog

What Cyber Policy Needs Next: Through the Looking Glass of the Ransomware Task Force – Megan Stifel at CyberNextDC

Megan Stifel delivered keynote remarks at CyberNextDC on October 8, 2025 to view cyber policy 'through the looking glass.' "I think the White House, and Director Cairncross in particular, have a unique opportunity in their forthcoming strategy to let the good flourish, push the bureaucracy to overcome the bad, and lead the country to tackle the ugly," she said.
critical infrastructure, cyber, international collaboration, national security, policy, Ransomware, Salt Typhoon, secure-by-design
October 8, 2025
Nick Leiserson and Michael Klein: Urgent Changes Needed to Update the E-Rate Program

In the News, Op-ed

Nick Leiserson and Michael Klein: Urgent Changes Needed to Update the E-Rate Program

For Broadband Breakfast, IST Senior VP for Policy Nicholas Leiserson and Senior Director for Preparedness and Response Michael Klein make the case for expanding the FCC’s E-Rate program to bolster the cybersecurity resilience of K-12 schools.
cybersecurity, E-Rate, K-12 Education, Ransomware, Universal Service Fund
October 1, 2025