By visiting our site, you agree to our privacy policy regarding cookies, tracking statistics, etc.

Launching the Ransomware Countermeasures Tracker

We are excited to announce the Ransomware Countermeasures Tracker, a resource created to identify trends in government actions against ransomware, highlight areas where we see more or less activity, and establish a baseline of awareness that can support future analyses of government effectiveness.

You can access the tracker here.

Why we created the tracker

Governments worldwide have initiated various efforts to combat ransomware, a growing threat that disrupts critical infrastructure, businesses, and individuals. These efforts range from international collaborations to national-level actions, including arrests, sanctions, botnet takedowns, and recovery of ransomware payments. However, the visibility and awareness of these initiatives vary significantly, often leaving gaps in public understanding.

The purpose of this tracker is to fill this gap, enabling all researchers to better understand and improve government countermeasures against ransomware.

What information is included

The tracker documents concrete actions taken by governments against ransomware or ransomware-related cybercrime. This includes direct actions targeting ransomware groups and measures affecting their modus operandi, such as disrupting botnet infrastructure. Legislative or policy changes and actions by private sector actors are not included. The focus is on executive or judicial measures with direct impacts on ransomware activities.

How we collected the data

The data for this tracker was compiled using:

  • General searches for government actions against ransomware.
  • Reviews of ransomware-related articles on BleepingComputer and other news sites.
  • Targeted searches for actions against specific ransomware groups listed in Coveware’s quarterly “Most Common Ransomware Variants” reports since 2018.
  • Scraping news pages from Europol, Interpol, and stopransomware.gov to identify relevant reports on ransomware-related actions.

This tracker relies on publicly available English and German language sources. While we have high confidence in its coverage of major government actions since 2018, there may be gaps, particularly in lower-level government actions such as advisories on new ransomware tactics, techniques, and procedures (TTPs).

This tracker is based on a dataset developed by Max Smeets for “Ransom War: How Cyber Crime Became a Threat to National Security” and has benefited greatly from Janina Inauen’s research in refining descriptions and verifying cases.

How the data is structured

The data includes the date of the event, the countries or institutions involved, a description of the action, its details, the operation name (if applicable), the category of the event (e.g., arrest, sanction, botnet takedown), the affected ransomware group(s), the level of cooperation (national or international), and source information.

How you can contribute

We aim to keep this tracker up to date despite the rapidly evolving developments in the ransomware landscape. 

If you notice any missing data or have additional information, we invite you to contribute to the tracker by filling out this form. We also welcome suggestions for expanding this research. You can contact us at ransomwaretracker@virtual-routes.org.

We are excited to announce the Ransomware Countermeasures Tracker, a resource created to identify trends in government actions against ransomware, highlight areas where we see more or less activity, and establish a baseline of awareness that can support future analyses of government effectiveness.

You can access the tracker here.

Why we created the tracker

Governments worldwide have initiated various efforts to combat ransomware, a growing threat that disrupts critical infrastructure, businesses, and individuals. These efforts range from international collaborations to national-level actions, including arrests, sanctions, botnet takedowns, and recovery of ransomware payments. However, the visibility and awareness of these initiatives vary significantly, often leaving gaps in public understanding.

The purpose of this tracker is to fill this gap, enabling all researchers to better understand and improve government countermeasures against ransomware.

What information is included

The tracker documents concrete actions taken by governments against ransomware or ransomware-related cybercrime. This includes direct actions targeting ransomware groups and measures affecting their modus operandi, such as disrupting botnet infrastructure. Legislative or policy changes and actions by private sector actors are not included. The focus is on executive or judicial measures with direct impacts on ransomware activities.

How we collected the data

The data for this tracker was compiled using:

  • General searches for government actions against ransomware.
  • Reviews of ransomware-related articles on BleepingComputer and other news sites.
  • Targeted searches for actions against specific ransomware groups listed in Coveware’s quarterly “Most Common Ransomware Variants” reports since 2018.
  • Scraping news pages from Europol, Interpol, and stopransomware.gov to identify relevant reports on ransomware-related actions.

This tracker relies on publicly available English and German language sources. While we have high confidence in its coverage of major government actions since 2018, there may be gaps, particularly in lower-level government actions such as advisories on new ransomware tactics, techniques, and procedures (TTPs).

This tracker is based on a dataset developed by Max Smeets for "Ransom War: How Cyber Crime Became a Threat to National Security" and has benefited greatly from Janina Inauen’s research in refining descriptions and verifying cases.

How the data is structured

The data includes the date of the event, the countries or institutions involved, a description of the action, its details, the operation name (if applicable), the category of the event (e.g., arrest, sanction, botnet takedown), the affected ransomware group(s), the level of cooperation (national or international), and source information.

How you can contribute

We aim to keep this tracker up to date despite the rapidly evolving developments in the ransomware landscape. 

If you notice any missing data or have additional information, we invite you to contribute to the tracker by filling out this form. We also welcome suggestions for expanding this research. You can contact us at ransomwaretracker@virtual-routes.org.

Similar posts

Virtual Routes contributes to REMIT annual meeting in Brussels

Virtual Routes continued its central contribution to the Horizon Europe project on Reigniting Multilateralism Through Technology (REMIT) at its annual meeting in Brussels, on 12 and 13 February.
Διαβάστε περισσότερα

Max Smeets speaks at the MSC side-event on the Opportunities and Risks of AI for Peace and War

The event was co-organized with the Bavarian Scientific Alliance for Peace, Conflict and Security. The Alliance is a collaboration of currently nine universities in Bavaria, funded by the Bavarian government, that aims to join academic forces in peace and conflict research and strengthen ties to political and civil society actors.
Διαβάστε περισσότερα

Virtual Routes at the 2024 Internet Governance Forum

In December 2024, Virtual Routes co-organised two sessions at the United Nations Internet Governance Forum (IGF) in Riyadh, Saudi Arabia, with the Royal United Services Institute (RUSI).
Διαβάστε περισσότερα

Thank you for signing up to our newsletter!

Thank you! RSVP received for Launching the Ransomware Countermeasures Tracker

Thank you for applying! We will be in touch.

Apply for: Launching the Ransomware Countermeasures Tracker

Launching the Ransomware Countermeasures Tracker

Φόρτωση...

Φόρτωση…