PolicyRansomware Task Force releases full framework
On 29 April 2021 the Institute for Security and Technology's Ransomware Task Force released a full report with 48 recommendations to combat ransomware through coordinated government and private sector action.
Fact-checked and reviewed — Kodi C.
On , the Institute for Security and Technology's Ransomware Task Force (RTF) released "Combating Ransomware: A Full Framework for Action," presenting 48 recommendations across four strategic pillars. The report, developed by a coalition of 60+ experts from government, law enforcement, academia, and industry, provides a blueprint for coordinated action against ransomware through deterrence, disruption, victim support, and public-private collaboration.
Strategic framework
The RTF framework organizes recommendations into four pillars: (1) deter ransomware attacks through a nationally and internationally coordinated strategy; (2) disrupt the ransomware business model and reduce criminal profits; (3) help organizations prepare for and respond to attacks more effectively; and (4) respond to ransomware attacks more effectively through coordinated incident response.
Priority actions include establishing an interagency task force led by the National Security Council, mandatory reporting of ransomware payments, and international cooperation to pressure nations harboring ransomware operators. The report emphasizes that ransomware is not merely a technical problem but a criminal enterprise requiring law enforcement, diplomatic, and financial tools.
Key recommendations
On deterrence, the RTF recommends elevating ransomware as a national security priority and developing strategies to disrupt safe havens for ransomware actors. The report calls for coordinated diplomatic pressure on countries that tolerate ransomware operations, including potential sanctions.
On disruption, recommendations focus on cryptocurrency regulation, including requiring exchanges to implement stronger know-your-customer (KYC) requirements and enabling law enforcement to trace and seize criminal proceeds. The report also recommends creating a Ransomware Response Fund to help critical infrastructure organizations recover without paying ransoms.
On preparation, the RTF recommends requiring cyber hygiene standards for critical infrastructure, expanding cyber insurance requirements, and developing sector-specific guidance for ransomware resilience. If you are affected, implement baseline controls including MFA, network segmentation, and tested backup/recovery procedures.
Implementation progress
Several RTF recommendations have been adopted since publication. Executive Order 14028 incorporated supply chain security and incident reporting requirements. CISA launched the StopRansomware.gov resource hub. The Department of Justice established a Ransomware and Digital Extortion Task Force. Treasury issued updated guidance on sanctions implications of ransomware payments.
If you are affected, review the RTF recommendations alongside sector-specific guidance to identify gaps in their ransomware preparedness. The framework provides a useful benchmark for board-level discussions on ransomware risk management and investment priorities.
Policy Development and Analysis
Policy analysis should assess the implications of this development for organizational operations, compliance obligations, and strategic positioning. Impact assessments should consider both direct requirements and indirect effects through industry practices, customer expectations, and competitive dynamics.
Policy development processes should engage relevant teams to ensure full consideration of diverse perspectives and practical setup constraints. Feedback mechanisms should capture lessons learned and drive policy refinements based on operational experience.
Policy Implementation Monitoring
Policy teams should track setup progress and monitor for developments that may affect requirements or interpretation. Stakeholder engagement should ensure relevant parties understand policy implications and their responsibilities for compliance. Documentation should support audit and examination processes by demonstrating timely awareness and appropriate response to policy developments.
Regular reviews should assess ongoing compliance status and identify any gaps requiring additional attention or resource allocation.
Continue in the Policy pillar
Return to the hub for curated research and deep-dive guides.
Latest guides
-
AI Policy Implementation Guide
Coordinate governance, safety, and reporting programmes that meet EU Artificial Intelligence Act timelines and U.S. National AI Initiative Act mandates while sustaining product…
-
Digital Markets Compliance Guide
Implement EU Digital Markets Act, EU Digital Services Act, UK Digital Markets, Competition and Consumers Act, and U.S. Sherman Act requirements with cross-functional operating…
-
Semiconductor Industrial Strategy Policy Guide
Coordinate CHIPS and Science Act, EU Chips Act, and Defense Production Act programmes with capital planning, compliance, and supplier readiness.
Coverage intelligence
- Published
- Coverage pillar
- Policy
- Source credibility
- 90/100 — high confidence
- Topics
- ransomware · policy framework · public-private partnership · incident response
- Sources cited
- 3 sources (securityandtechnology.org, cvedetails.com, iso.org)
- Reading time
- 5 min
Source material
- Combating Ransomware: A Full Framework for Action — Institute for Security and Technology
- CVE Details - Vulnerability Database — CVE Details
- ISO 31000:2018 — Risk Management Guidelines — International Organization for Standardization
Comments
Community
We publish only high-quality, respectful contributions. Every submission is reviewed for clarity, sourcing, and safety before it appears here.
No approved comments yet. Add the first perspective.