Team Cymru Contributes to Critical Recommendations for New Ransomware Task Force (RTF) Comprehensive Framework to Combat Ransomware

Share Article

Team Cymru leads effort to imagine “Ransomware-related Worst Case Scenarios” in order to help head off the next big cyber threat

News Image

Team Cymru, in partnership with The Ransomware Task Force (RTF), a broad coalition of over 60 experts in industry, government, law enforcement, civil society, and international organizations, today released a comprehensive framework that can be immediately applied by industry, government, and society to combat ransomware.

The RTF was formed in January by the Institute for Security and Technology (IST) to join industry leaders together to help the world understand the true threat ransomware poses and provide a roadmap for public and private organizations to mitigate the risk. Members from Team Cymru proactively contributed their unmatched threat intelligence expertise to the development of the framework, and also chaired a subcommittee on “Ransomware-related Worst Case Scenarios.” The scenarios informed the framework and provided guidance on 48 actionable steps in the new report: “Combating Ransomware: A Comprehensive Framework for Action.”

“Worst Case Scenarios tend to encompass threats to life, threats to national security, and threats to critical utilities, including critical supply chains. We've seen ransomware actors escalating their targets to large enterprises and demanding $50 million in ransom. These are big numbers that impact large enterprises, but so far, we haven't seen an escalation to the most critical targets,” said James Shank, Chief Architect of Community Services and Senior Security Evangelist for Team Cymru. “There is no reason to believe that ransomware actors will restrain themselves to protect innocent life. We have already seen groups hitting hospitals during a global pandemic and school districts, utilities and local governments are common targets. What comes next is unknown, but what could come next gets scary pretty quick.”

When imagining the Worst Case Scenarios, the subcommittee was mindful that any changes to the current ecosystem could have unintended consequences. This applies both to the threat actors’ activities, as well as the actions taken by defenders that could drive threat actors to more extreme measures. It is unlikely that the actors will simply hang up their hats and retire. The industry needs to think about the next iterations to help inform the best strategy to accomplish the intended goals.

“The cost of ransom paid by organizations has nearly doubled in the past year, and is creating new risks, many that go far beyond monetary damage,” said Philip Reiner, the CEO of IST and the Executive Director of the RTF. “In the past 12 months alone, we’ve seen ransomware attacks delay lifesaving medical treatment, destabilize critical infrastructure, and threaten our national security. We felt an urgent need to bring together world-class experts across all of the relevant sectors to break down silos and create a framework that government and industry can pursue to disrupt the ransomware business model, mitigate the impact of these attacks, and ensure the continued faith of the general public in its institutions.”

"The timing of the Ransomware Task Force is critical - it was run as a quick sprint effort to gather information and proposals to inform a new administration's strategy on responding to this threat. Working in collaboration between international public and private sector experts is the path forward to successfully meeting the threats the world faces today,” added Shank. “No one has all the solutions or all the tools by themselves to respond to threat actors. The threat actors themselves work together to accomplish their goals, with different people running different parts of the overall compromise chain. To truly change the game, we need to do the same on the defense side, focusing on the overall goal and collaborating to see it done."

The RTF recognized that ransomware is an international crime that increasingly touches public and private sectors alike. Any solutions must thus apply both internationally and to a wide array of affected sectors. For this reason, the RTF was proactively convened with representatives across disparate sectors, large and small, public and private, to include the healthcare and financial sectors, cybersecurity and tech, government and law enforcement, and civil society. It is because of this variety in expertise that the RTF was able to develop multifaceted solutions and a full, comprehensive strategy to stem the ransomware tide - ranging from dealing with the complexities of the ransomware epidemic, to the role of cyber insurance, cryptocurrency, and safe havens for threat actors.

To read the Team Cymru blog, visit…resh-perspective/

To learn more about the Ransomware Task Force, visit

About Team Cymru
Since 2005, Team Cymru’s mission has been to save and improve human lives by working with public and private sector analyst teams, enabling them to track and take down threat actors, criminals, terrorists and human traffickers around the globe. The company delivers comprehensive visibility into global cyber threat activity and is a key source of intelligence for many cyber security and threat intelligence vendors. Its Community Services division provides no-cost threat detection, DDoS mitigation and threat intelligence to network operators, hosting providers and more than 130 CSIRT teams across 86+ countries. Enterprise security teams rely on its Pure Signal™ platform for on-demand access to global internet traffic telemetry, which allows them to see what’s happening virtually anywhere across the internet with a clarity similar to that of their own internal network telemetry. With this visibility, they close detection gaps, accelerate incident response, and get ahead of critical, recurring threats – mapping and monitoring threat infrastructures around the world and blocking attacks before they are launched. For more information visit

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Leslie Kesselring
Kesselring Communications
+1 503-358-1012
Email >
Visit website