The Ransomware Task Force (RTF), a broad coalition of over 60 experts in industry, government, law enforcement, civil society, and international organizations including BlueVoyant, released a comprehensive framework to combat ransomware: “Combating Ransomware: A Comprehensive Framework for Action.”

The RTF was formed in January of 2019 by the Institute for Security and Technology (IST). Representatives from BlueVoyant collaborated with this coalition of partners to lend their expertise toward creating a framework of standardized guidance and actionable solutions to mitigate the growing and dangerous ransomware threat across all vertical markets.

Philip Reiner, the CEO of IST and the Executive Director of the RTF, said, “The cost of ransom paid by organizations has nearly doubled in the past year, and is creating new risks, many that go far beyond monetary damage.

“In the past 12 months alone, we’ve seen ransomware attacks delay lifesaving medical treatment, destabilize critical infrastructure, and threaten our national security.

“We felt an urgent need to bring together world-class experts across all of the relevant sectors to break down silos and create a framework that government and industry can pursue to disrupt the ransomware business model, mitigate the impact of these attacks, and ensure the continued faith of the general public in its institutions,” Reiner said.

The RTF recognizes ransomware as an international crime that continues to affect both the public and private sectors. Therefore, all solutions must apply both internationally and to a broad spectrum of verticals affected by ransomware.

For this reason, the RTF was proactively convened and, by intent, included representatives from disparate sectors, large and small, public and private, including healthcare, financial, cyber security, technology, government, law enforcement and civil society. The expertise represented by these sectors allowed the RTF to develop multifaceted solutions and build a comprehensive strategy for stemming the tide of ransomware.

The framework consists of four goals:

  • Deter ransomware attacks through a nationally and internationally coordinated, prioritized, and resourced, comprehensive strategy.
  • Disrupt the ransomware business model and decrease criminal profits.
  • Help organizations better prepare for ransomware attacks.
  • Help organizations respond to ransomware attacks more effectively.

The 48 actions outlined provide guidance for addressing the complexities of the ransomware epidemic, from the role of cyber insurance and cryptocurrency to safe havens for threat actors.

The framework is not intended for piecemeal action. Effective implementation will require the coordinated effort of many stakeholders to meet these four critical goals, each of which fills a gap in the current approach to ransomware mitigation.

Austin Berglas, Global Head of Professional Services and RTF Representative for BlueVoyant, said, “The risks of ongoing ransomware attacks across all verticals—and the resulting crippling reputational and financial consequences—keep cyber security professionals up at night.

“These risks, coupled with unknown or unaddressed vulnerabilities in their network and supply chain ecosystem, only confirm the severity of the threat.

“The time for concerted and coordinated action is now. BlueVoyant is honored to be an RTF coalition member and to have played a valuable role in the development of this groundbreaking framework designed to help organizations to better prepare for, respond to, and mitigate the ongoing and pervasive ransomware threat,” Berglas said.

Priority Recommendations from the report

The RTF report includes 48 recommendations that together form a comprehensive framework to address ransomware. Among those, these priority recommendations are the most foundational and urgent, and many of the other recommendations were developed to facilitate or strengthen these core actions.

  1. Coordinated, international diplomatic and law enforcement efforts must proactively prioritize ransomware through a comprehensive, resourced strategy, including using a carrot-and-stick approach to direct nation-states away from providing safe havens to ransomware criminals.
  2. The United States should lead by example and execute a sustained, aggressive, whole of government, intelligence-driven anti-ransomware campaign, coordinated by the White House. This must include the establishment of 1) an Interagency Working Group led by the National Security Council in coordination with the nascent National Cyber Director; 2) an internal U.S. Government Joint Ransomware Task Force; and 3) a collaborative, private industry-led informal Ransomware Threat Focus Hub.
  3. Governments should establish Cyber Response and Recovery Funds to support ransomware response and other cybersecurity activities; mandate that organizations report ransom payments; and require organizations to consider alternatives before making payments.
  4. An internationally coordinated effort should develop a clear, accessible, and broadly adopted framework to help organizations prepare for, and respond to, ransomware attacks. In some under-resourced and more critical sectors, incentives (such as fine relief and funding) or regulation may be required to drive adoption.
  5. The cryptocurrency sector that enables ransomware crime should be more closely regulated. Governments should require cryptocurrency exchanges, crypto kiosks, and over-the-counter (OTC) trading “desks” to comply with existing laws, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting Financing of Terrorism (CFT) laws.

The Ransomware Task Force Framework


This strategic framework aims to help policymakers and industry leaders take system-level action — through potential legislation, funding new programs, or launching new industry-level collaborations — that will help the international community build resistance, disrupt the ransomware business model, and develop resilience to the ransomware threat.

The framework is organized around four goals: deter ransomware attacks through a nationally and internationally coordinated, comprehensive strategy; disrupt the ransomware business model and reduce criminal profits; help organizations prepare for ransomware attacks; and respond to ransomware attacks more effectively.

These goals are interlocking and mutually reinforcing. For example, actions to disrupt the ransomware payments system will decrease the profitability of ransomware, thereby helping to deter other actors from engaging in this crime. Thus, this framework should be considered as a whole, not merely a laundry list of disparate actions.