    Ransomware Task Force: One Year Later

    The year-old Ransomware Task Force reports some progress in the war on ransomware and underscores key steps forward to mitigate the global threat.

    by Stephanie Overby

    Key Points

    • The RTF recently reviewed the last 12 months’ progress in deterring, disrupting, preparing for, and responding to ransomware attacks.
    • Despite significant strides, ransomware attacks continue to increase.
    • Organizations that want to protect themselves and contribute to the campaign against ransomware will invest in tools and training that make them harder targets.


    While there have been some noteworthy advances in the increasingly united fight against ransomware, much work remains to be done. This was the overarching message at the recent meeting of the Institute for Security and Technology’s Ransomware Task Force (RTF).[1]

    Launched in April 2021, the RTF engages key stakeholders from the private sector, government agencies, nonprofit organizations, and educational institutions — all collaborating, developing new solutions, and recommending action to counter the ransomware threat. Last year, the task force set out 48 specific steps under a four-pronged action plan for deterring, disrupting, preparing for, and responding to ransomware threats.

    At the recent meeting, the RTF issued its 2022 progress report on that action plan,[2] citing significant improvement on a dozen of its recommended steps. The greatest improvements have been made in the area of ransomware deterrence at the government level, with the highly publicized prioritization of efforts to investigate and prosecute ransomware attacks. “Really impressive private-public collaboration … has resulted in a multitude of arrests, cryptocurrency seizures, indictments and sanctions — not bad for a year’s work,” noted Institute for Security and Technology CEO Phil Reiner. 

    Advances in other areas have been less extensive. “There is no silver bullet for eradicating the ransomware threat,” the RTF’s 2022 report reiterated. “Rather, doing so requires a multitude of ongoing efforts and subtle but substantial changes.” 

    For organizations charged with preparing for and responding to ransomware attacks, the best course of action — both for themselves and for the united fight against ransomware — remains the same: following best cybersecurity practices. Mimecast’s offerings support many of these practices, including the implementation of effective ransomware defense tools coupled with comprehensive cybersecurity awareness training for employees and stakeholders.

    Ransomware on the Rise

    While reporting progress, Reiner told the RTF meeting that, “Despite these efforts, ransomware attacks continue to persist and, in some instances, increase in volume.”

    Indeed, since Mimecast’s first State of Email Security survey in 2018, there has been a steady increase in the number of respondents reporting ransomware attacks that impact business operations, damage brand reputation, and exact steep financial costs. In Mimecast’s State of Email Security 2022 report, more than three quarters (76%) of respondents said their organization had been impacted by a ransomware attack over the previous 12 months, with more than a third (36%) reporting the impact to be significant. The numbers were highest for those whose organizations had experienced an overall increase in email-based threats.

    The RTF’s 2022 report is an “honest accounting of how things have progressed and where things stand,” Reiner said. In the year since the task force formed, its stakeholders have laid a solid foundation for future progress. “We have seen a great deal of action to combat ransomware,” the report noted, “yet we have also seen the numbers of observed incidents continue to rise even as stakeholders focus on the threat itself.”

    John Christopher Inglis, the first U.S. National Cyber Director, explained why this was less of a disheartening revelation than a continued call to arms. “Like climate change, it took a long time to get to this roiling point in history,” Inglis told the RTF audience. “It won't be something we turn around in a fortnight.” He also cautioned against any complacency. If key stakeholders choose not to make the kinds of investments recommended by the RTF, Inglis said, “We'll continue to go down the road that we've been on … We will experience one horrific threat after another.”

    An Unprecedented Year 

    The 12 months since the RTF released its action plan have been marked by sizable and successive ransomware attacks worldwide. Only one week after its publication, America suffered the highest profile ransomware attack on its critical infrastructure when a supplier of gasoline and jet fuel to much of the country had to shut down its pipelines for six days, creating fuel shortages and travel disruptions. A week later, a ransomware attack knocked out Ireland’s healthcare administration, forcing hospitals there to suspend services. Two weeks after that, a ransomware attack against the world’s largest meat processing company resulted in scarcity and increased prices for food staples.

    The consecutive attacks served as an important wakeup call for the public and private sector alike about the devastating impact ransomware can have on critical infrastructure, economic stability, health, and national security.

    After the pipeline attack, “The level of attention certainly changed, particularly in the board room,” Chris Krebs, former U.S. Director of the Cybersecurity and Infrastructure Security Agency (CISA), said at the RTF event. “You now have boards of directors that fully understand that cyber is truly a business risk rather than just a technical risk. The fact that there was a functional business disruption due to ransomware attacks — that got a lot of people paying attention.” The challenge now, Krebs said, is turning that increased awareness into action and measurable risk reduction.

    Ransomware will continue as long as it’s relatively easy for cybercriminals to conduct and make money from their exploits, Krebs said. That’s why it’s important for all key stakeholders to shift from building the case against ransomware to actually disrupting the criminal infrastructure that enables ransomware.

    Uniting Against Ransomware: What Companies Can Do

    Driving greater adoption of cybersecurity best practices continues to be a primary goal for governments, the RTF progress report said. Particularly vulnerable are critical infrastructure providers, which can least tolerate disruption, and small to medium-sized businesses (SMBs), which face resource constraints and limited technical maturity.

    The RTF continued to argue for more detailed, actionable guidance tailored to organizations’ needs and context, presented in a way that does not overwhelm or confuse them. To that end, the task force, in partnership with the Center for Internet Security (CIS), plans this summer to introduce a set of critical controls designed to assist SMBs in preparing for attacks. 

    It’s too easy for companies to get lost in a fog of cybersecurity mandates, explained Phyllis Lee, CIS senior director for controls. “I am not against regulation or frameworks, but organizations are buckling under the pressure of all the advice and all the regulatory frameworks that they are subject to,” she told the RTF audience. “People want to know exactly what to do.” 

    The most important thing individual organizations can do for themselves and the greater cybersecurity good is to make themselves what Krebs called “a harder target.” Adopting leading edge turnkey solutions is critical, he said. “Cybercriminals are economically rational actors,” Krebs said. “They're going to use what they have until it doesn't work anymore.” 

    Current CISA director Jen Easterly told the RTF crowd: “This is a persistent issue. The most important thing — and certainly what we're focused on as America’s cyber defense agency — is how to raise the bar on cybersecurity and resilience.”

    The Bottom Line

    Key stakeholders across the public and private sector have united against ransomware. They’ve been working hard over the past year to lay a solid foundation for combating ransomware, but the step changes that need to happen will take time. “The agility and dynamism of ransomware actors cannot be overstated,” as the RTF’s progress report said. In the campaign against ransomware, “it is critical that our disruptive actions, response times, and preventive actions move as dynamically, if not more so.” Organizations that want to do their part to not only protect themselves from the impact of ransomware but also contribute to the larger effort to reduce the threat will invest in best practices, leading edge security solutions, and cybersecurity awareness training. Read on to learn about Mimecast’s ransomware defense solutions and awareness training.



    [1] “Combating Ransomware: A Year of Action,” Institute for Security and Technology

    [2] “RTF Progress Reports,” Institute for Security and Technology

