Multi-Sector Ransomware Task Force Debuts

January 8, 2021

The Institute for Security and Technology (IST) — in partnership with a broad coalition of experts in industry, government, law enforcement, nonprofits, cybersecurity insurance, and international organizations — is launching a new Ransomware Task Force (RTF) to tackle this increasingly prevalent and destructive type of cybercrime. The RTF’s founding members understand that ransomware is too large of a threat for any one entity to address, and have come together to provide clear recommendations for both public and private action that will significantly reduce the threat posed by this criminal enterprise.

Ransomware incidents have been growing unchecked, and this economically destructive cybercrime has increasingly led to dangerous, physical consequences. Hospitals, school districts, city governments, and others have found their networks held hostage by malicious actors seeking payouts. This crime transcends sectors and requires bringing all affected stakeholders to the table to synthesize a clear framework of actionable solutions, which is why IST and our coalition of partners are launching this Task Force for a two-to-three month sprint.

The RTF will assess existing solutions at varying levels of the ransomware kill chain, identify gaps in solution application, and create a roadmap of concrete objectives and actionable milestones for high-level decision-makers. To contribute to the final roadmap, the RTF will commission expert papers and engage stakeholders across industries to coalesce around vetted solutions.

Stéphane Duguin, Chief Executive Officer of the CyberPeace Institute said, "The ransomware criminal model is a profound and systemic threat to cyberpeace. Since 1989, continuous criminal innovation has been in its DNA. Any response should address its evolution in reach, scale, anonymity and accountability.

Reach: Ransomware, from widespread campaigns to precise sophisticated attacks, targets everyone. The only discriminative factor is whether or not the criminal group can generate profit. The old ransomware model has evolved beyond simple extortion. Ransomware groups are now adding pressure by threatening publication of data should victims not pay. This double extortion scheme evolved recently into triple extortion: criminals are now going against people, threatening to leak their personal information on the internet.

Scale: Ransomware has evolved into a collaborative criminal model, facilitating the process of deploying ransomware attacks for non-technical cybercriminals. This is known as Ransomware-as-a-Service and it augments the size of the threat in an unprecedented way.

Anonymity: With ransomware, criminals are obfuscating the criminal kill-chain, from abusing encryption to hide footprints to benefiting from anonymous international money laundering schemes.

Accountability: The criminal groups profit from the reluctance of victims to denounce attacks. They also benefit from the incapacity of states to adapt their prosecution and international cooperation capabilities to the level of the threat. Finally, they make use of state-led research and development which is weaponized against civilian populations when it escapes government control.

These developments cannot be addressed by one entity alone. This is why the CyberPeace Institute is joining the Ransomware Task Force, where it seeks to provide its expertise, especially in the field of attacks against healthcare. The Task Force is a multi-stakeholder project which will act as a force multiplier to existing initiatives and scale up partnerships against ransomware. Criminals have been cooperating for long in cyberspace, it is time for the international community to step up. It takes a coalition to protect a network."

Founding Ransomware Task Force partners include:

Aspen Digital


The Cyber Threat Alliance


The CyberPeace Institute

The Cybersecurity Coalition

The Global Cyber Alliance






Shadowserver Foundation

Stratigos Security

Team Cymru

Third Way

UT Austin Stauss Center

The Ransomware Task Force website, including full membership and leadership roles, will be launched in January 2021.

Terms of Use | Copyright © 2002 - 2021 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement