Executive Summary
Ransomware attacks present an urgent national security risk around the world. This evolving form of cybercrime, through which criminals remotely compromise computer systems and demand a ransom in return for restoring and/or not exposing data, is economically destructive and leads to dangerous real-world consequences that far exceed the costs of the ransom payments alone.
In 2020, thousands of businesses, hospitals, school districts, city governments, and other institutions in the U.S. and around the world were paralyzed as their digital networks were held hostage by malicious actors seeking payouts. The immediate physical and business risks posed by ransomware are compounded by the broader societal impact of the billions of dollars steered into criminal enterprises, funds that may be used for the proliferation of weapons of mass destruction, human trafficking, and other virulent global criminal activity.
Despite the gravity of their crimes, the majority of ransomware criminals operate with near impunity, based out of jurisdictions that are unable or unwilling to bring them to justice. This problem is exacerbated by financial systems that enable attackers to receive funds without being traced. Additionally, the barriers to entry into this lucrative criminal enterprise have become shockingly low. The “ransomware as a service” (RaaS) model allows criminals without technical sophistication to conduct ransomware attacks. At the same time, technically knowledgeable criminals are conducting increasingly sophisticated attacks.
Significant effort has been made to understand and address the ransomware threat, yet attackers continue to succeed on a broad and troubling scale. To shift these dynamics, the international community needs a comprehensive approach that influences the behavior of actors on all sides of the ecosystem, including deterring and disrupting attackers, shoring up preparation and response of potential victims, and engaging regulators, law enforcement, and national security experts. We also need international cooperation and adoption of processes, standards, and expectations.
This report outlines a comprehensive framework of actions (48 in total) that government and industry leaders can pursue to significantly disrupt the ransomware business model and mitigate the impact of these attacks in the immediate and longer terms. These recommendations were collaboratively developed by the Ransomware Task Force (RTF) — a broad coalition of volunteer experts from industry, government, law enforcement, civil society, cybersecurity insurers, and international organizations — to provide a strategic framework for a systemic, global approach to mitigating the ransomware problem.
While we have identified some recommendations as priorities, we strongly recommend viewing the entire set of recommendations together, as they are designed to complement and build on each other. The strategic framework is organized around four primary goals: to deter ransomware attacks through a nationally and internationally coordinated, comprehensive strategy; to disrupt the business model and reduce criminal profits; to help organizations prepare for ransomware attacks; and to respond to ransomware attacks more effectively.