The Cyber Threat Alliance Participated In A Three-month Public-private Sprint With An Interdisciplinary Group Of Domain Experts, Resulting In Nearly 50 Actionable Steps For Both Industry And Government To Reverse The Trajectory Of Ransomware Attacks
April 29, 2021, Washington — The Cyber Threat Alliance (CTA) in partnership with The Ransomware Task Force (RTF), a broad coalition of over 60 experts in industry, government, law enforcement, civil society, and international organizations today released a comprehensive framework to combat ransomware. The RTF was formed in January by the Institute for Security and Technology (IST), and members from CTA proactively contributed to its efforts, collaborating to mitigate this growing and dangerous threat. We are proud to support the release of the resulting report today: “Combating Ransomware: A Comprehensive Framework for Action.”
“The cost of ransom paid by organizations has nearly doubled in the past year, and is creating new risks, many that go far beyond monetary damage,” said Philip Reiner, the CEO of IST and the Executive Director of the RTF. “In the past 12 months alone, we’ve seen ransomware attacks delay lifesaving medical treatment, destabilize critical infrastructure, and threaten our national security. We felt an urgent need to bring together world-class experts across all of the relevant sectors to break down silos and create a framework that government and industry can pursue to disrupt the ransomware business model, mitigate the impact of these attacks, and ensure the continued faith of the general public in its institutions.”
The RTF recognized that ransomware is an international crime that increasingly touches public and private sectors alike. Any solutions must thus apply both internationally and to a wide array of affected sectors. For this reason, the RTF was proactively convened with representatives across disparate sectors, large and small, public and private, to include the healthcare and financial sectors, cybersecurity and tech, government and law enforcement, and civil society. It is because of this variety in expertise that the RTF was able to develop multifaceted solutions and a full, comprehensive strategy to stem the ransomware tide.
The recommended framework consists of four goals; to deter ransomware attacks through a nationally and internationally coordinated, prioritized, and resourced, comprehensive strategy; to disrupt the ransomware business model and decrease criminal profits; to help organizations better prepare for ransomware attacks; and to respond to ransomware attacks more effectively. The 48 recommended actions provide guidance for dealing with the complexities of the ransomware epidemic, from the role of cyber insurance, to cryptocurrency, to safe havens for threat actors, and has recommended actions for industry, government, and civil society.
The RTF’s recommended framework is not for piecemeal action; it will take the coordinated effort of many stakeholders to accomplish these four critical goals, which each fill a gap in the current approach to ransomware mitigation.
The time for concerted, coordinated action is now. We at CTA are proud to have played a part in this groundbreaking coalition, and look forward to the day when the threat of ransomware no longer looms over the heads of citizens, students, teachers, businesses, hospitals, and nations.
To read the RTF report
To learn more about the Ransomware Task Force, visit
About the Cyber Threat Alliance
CTA was founded by Check Point Software Technologies Ltd., Cisco, Fortinet, McAfee, Palo Alto Networks, and Symantec. Membership also includes ADT CAPS Infosec, Alien Labs, Anomali, Avast, Dragos, Ericom Software, Juniper Networks, K7 Computing, Morphisec, NEC Corporation, NETSCOUT, NTT Security, OneFirewall, Panda Security, Radware, Rapid7, ReversingLabs, Saint Security, Scitum, SecureBrain, SecurityScorecard, SonicWall, Sophos, TEHTRIS, Telefónica’s ElevenPaths, Verizon, and VMware. CTA is the industry’s first formally organized group of cybersecurity practitioners that work together in good faith to share threat information and improve global defenses against advanced cyber adversaries. CTA’s mission is to facilitate the sharing of actionable intelligence and situational awareness about sophisticated cyber threats to improve its members’ cyber defenses, more effectively disrupt malicious cyber actors around the world and raise the level of cybersecurity throughout the Internet and cyberspace. The alliance is continuing to grow on a global basis, enriching both the quantity and quality of the information that is being shared across the platform. CTA is actively recruiting additional regional players to enhance information sharing to enable a more secure future for all. For more information about CTA, please visit:

Back to News