SUMMARY

Two years after publishing Combating Ransomware: A Comprehensive Framework for Action, we have seen impressive moves by industry, U.S., and partner governments toward implementing the initial 48 recommendations. In particular, we have seen continued commitment to combat this threat through the following actions: 

• Increasing public-private and government-to-government collaboration on disruptive activity
• Increasing focus on reporting and information sharing
• Ongoing efforts to reduce some of the risks posed by cryptocurrency

We have also seen significant change across the ransomware landscape. Governments have taken action to prioritize ransomware defenses and investigations; victims have changed their responses; and threat actors have evolved, not only in terms of who they affiliate with, but also in terms of their tactics and the size and geographic location of their targets. 

This report walks readers through the RTF’s second year, acknowledging tremendous shifts in the ecosystem, especially in light of the war in Ukraine, and highlights key areas of progress. Whereas last year’s progress report captured the early wins of an anti-ransomware campaign, this year we grappled with the more elusive goal of sustaining success against evolving challenges. 

Lastly, this report also outlines areas to watch in the next year, including:

• Sustaining focus on collecting and sharing ransomware data
• Improving baseline cybersecurity across the ecosystem
• Reexamining existing incentive structures