RTF Progress Reports

The Ransomware Task Force is committed to seeing our mission through.

As part of our ongoing mission to counter the ransomware threat, the Ransomware Task Force continually reflects on its original recommendations and monitors policy changes across industry and government. We engage with these findings openly, and work with our members to be agile in our ongoing recommendations.


April 2024:

Ransomware Task Foce: Doubling Down.

In April 2021, the Ransomware Task Force (RTF) published Combating Ransomware: A Comprehensive Framework for Action (“the Report”), which outlined 48 recommendations for industry, government, and civil society to undertake in order to deter and disrupt the ransomware ecosystem, and to help entities prepare for and respond to attacks at scale. In the three years since its publication, we have continued to see governments and the private sector step up commitments to addressing this threat. IST’s view is that the 48 original recommendations remain relevant and important to implement to reduce the threat that ransomware poses to the United States and the global digital ecosystem. Given this assessment, this progress report focuses on the 24 recommendations that have seen little to no action since 2021, identifying how governments and industry can achieve substantial results by doubling down on these key Report recommendations. 


May 2023:

Ransomware Task Force: Gaining Ground

As of May 2023, 92% of the 48 RTF recommendations have seen some action, with 50% experiencing significant progress, including through legislation and policy adoption.

This report walks readers through the RTF’s second year, acknowledging tremendous shifts in the ecosystem, especially in light of the war in Ukraine, and highlights key areas of progress. Whereas last year’s progress report captured the early wins of an anti-ransomware campaign, this year we grappled with the more elusive goal of sustaining success against evolving challenges. 

Lastly, this report also outlines areas to watch in the next year, including:

  • Sustaining focus on collecting and sharing ransomware data
  • Improving baseline cybersecurity across the ecosystem
  • Reexamining existing incentive structures

December 2022:

Eighteen Months On: Continued Progress on Ransomware Task Force Recommendations

In the 6 months since the publication of the Ransomware Task Force (RTF) Progress Report this May, we have seen a great deal of action to combat ransomware, but we have also seen the scale of the threat continue to grow, even as stakeholders continue to focus on it.

Despite the looming threat of ransomware, there has been significant progress in the fight against the ransomware threat. The June joint European Union and United States ransomware workshop at the Hague, and October 31-November 1 International Counter Ransomware Initiative Summit indicated strong international commitment to counter ransomware. Meanwhile, law enforcement continues to seize ransom payments. In this December 2022 progress update, we will outline major progress seen across the ransomware ecosystem and identify key areas to focus our efforts moving forward.

May 2022:

The Ransomware Task Force: One Year On

On April 29th, 2021, the RTF published Combating Ransomware: A Comprehensive Framework for Action (“the Report”), which offered 48 recommendations for industry, government, and civil society action designed to deter and disrupt the ransomware business model, and to help organizations prepare for and respond at scale to such attacks.

In the year since, we have seen a great deal of action to combat ransomware, yet we have also seen the numbers of observed incidents continue to rise even as stakeholders focus on the threat itself. This summary briefly discusses some of the ransomware-related activity of the last year, its impact, the current threat level, and our recommendations for moving forward, highlighting the following takeaways:

  • The work that has been undertaken to combat ransomware in the past year was unprecedented and laid a strong foundation for future actions.
  • The threat landscape evolved along with the financial and geopolitical forces shaping global affairs and the full scope of the ransomware threat remains unknown because of a lack of sufficient attack and payment data.
  • The same coalition that assembled a year ago remains ever vigilant and active in this fight via the RTF because a unified global effort is needed to combat the evolving ransomware threat.