By visiting our site, you agree to our privacy policy regarding cookies, tracking statistics, etc.

Join us at Binding Hook Live on October 27 at Underbelly Boulevard Soho in London
Join us at Binding Hook Live
Request an invite

Launching the Ransomware Countermeasures Tracker

We are excited to announce the Ransomware Countermeasures Tracker, a resource created to identify trends in government actions against ransomware, highlight areas where we see more or less activity, and establish a baseline of awareness that can support future analyses of government effectiveness.

You can access the tracker here.

Why we created the tracker

Governments worldwide have initiated various efforts to combat ransomware, a growing threat that disrupts critical infrastructure, businesses, and individuals. These efforts range from international collaborations to national-level actions, including arrests, sanctions, botnet takedowns, and recovery of ransomware payments. However, the visibility and awareness of these initiatives vary significantly, often leaving gaps in public understanding.

The purpose of this tracker is to fill this gap, enabling all researchers to better understand and improve government countermeasures against ransomware.

What information is included

The tracker documents concrete actions taken by governments against ransomware or ransomware-related cybercrime. This includes direct actions targeting ransomware groups and measures affecting their modus operandi, such as disrupting botnet infrastructure. Legislative or policy changes and actions by private sector actors are not included. The focus is on executive or judicial measures with direct impacts on ransomware activities.

How we collected the data

The data for this tracker was compiled using:

  • General searches for government actions against ransomware.
  • Reviews of ransomware-related articles on BleepingComputer and other news sites.
  • Targeted searches for actions against specific ransomware groups listed in Coveware’s quarterly “Most Common Ransomware Variants” reports since 2018.
  • Scraping news pages from Europol, Interpol, and stopransomware.gov to identify relevant reports on ransomware-related actions.

This tracker relies on publicly available English and German language sources. While we have high confidence in its coverage of major government actions since 2018, there may be gaps, particularly in lower-level government actions such as advisories on new ransomware tactics, techniques, and procedures (TTPs).

This tracker is based on a dataset developed by Max Smeets for “Ransom War: How Cyber Crime Became a Threat to National Security” and has benefited greatly from Janina Inauen’s research in refining descriptions and verifying cases.

How the data is structured

The data includes the date of the event, the countries or institutions involved, a description of the action, its details, the operation name (if applicable), the category of the event (e.g., arrest, sanction, botnet takedown), the affected ransomware group(s), the level of cooperation (national or international), and source information.

How you can contribute

We aim to keep this tracker up to date despite the rapidly evolving developments in the ransomware landscape. 

If you notice any missing data or have additional information, we invite you to contribute to the tracker by filling out this form. We also welcome suggestions for expanding this research. You can contact us at [email protected].

We are excited to announce the Ransomware Countermeasures Tracker, a resource created to identify trends in government actions against ransomware, highlight areas where we see more or less activity, and establish a baseline of awareness that can support future analyses of government effectiveness.

You can access the tracker here.

Why we created the tracker

Governments worldwide have initiated various efforts to combat ransomware, a growing threat that disrupts critical infrastructure, businesses, and individuals. These efforts range from international collaborations to national-level actions, including arrests, sanctions, botnet takedowns, and recovery of ransomware payments. However, the visibility and awareness of these initiatives vary significantly, often leaving gaps in public understanding.

The purpose of this tracker is to fill this gap, enabling all researchers to better understand and improve government countermeasures against ransomware.

What information is included

The tracker documents concrete actions taken by governments against ransomware or ransomware-related cybercrime. This includes direct actions targeting ransomware groups and measures affecting their modus operandi, such as disrupting botnet infrastructure. Legislative or policy changes and actions by private sector actors are not included. The focus is on executive or judicial measures with direct impacts on ransomware activities.

How we collected the data

The data for this tracker was compiled using:

  • General searches for government actions against ransomware.
  • Reviews of ransomware-related articles on BleepingComputer and other news sites.
  • Targeted searches for actions against specific ransomware groups listed in Coveware’s quarterly “Most Common Ransomware Variants” reports since 2018.
  • Scraping news pages from Europol, Interpol, and stopransomware.gov to identify relevant reports on ransomware-related actions.

This tracker relies on publicly available English and German language sources. While we have high confidence in its coverage of major government actions since 2018, there may be gaps, particularly in lower-level government actions such as advisories on new ransomware tactics, techniques, and procedures (TTPs).

This tracker is based on a dataset developed by Max Smeets for "Ransom War: How Cyber Crime Became a Threat to National Security" and has benefited greatly from Janina Inauen’s research in refining descriptions and verifying cases.

How the data is structured

The data includes the date of the event, the countries or institutions involved, a description of the action, its details, the operation name (if applicable), the category of the event (e.g., arrest, sanction, botnet takedown), the affected ransomware group(s), the level of cooperation (national or international), and source information.

How you can contribute

We aim to keep this tracker up to date despite the rapidly evolving developments in the ransomware landscape. 

If you notice any missing data or have additional information, we invite you to contribute to the tracker by filling out this form. We also welcome suggestions for expanding this research. You can contact us at [email protected].

Similar posts

Research & Analysis

Pharos Report No. 3: Ransomware’s New Masters: How States Are Hijacking Cybercrime

The third report in the Pharos Series, Ransomware’s New Masters: How States Are Hijacking Cybercrime is authored by Aleksandar Milenkoski, Jiro Minier, Julian-Ferdinand Vögele, Max Smeets, and Taylor Grossman.
Read more
Research & Analysis

Pharos Report No. 2: The Ransomware Trust Paradox

Virtual Routes is pleased to release the second report in the Pharos Series, The Ransomware Trust Paradox by Max Smeets.
Read more
Research & Analysis

Virtual Routes contributes to second Pall Mall Process conference in Paris

On 3-4 April, the second conference of the Pall Mall Process took place in Paris. The Pall Mall Process is a multistakeholder initiative launched by the UK and French governments to address the risks of commercial cyber intrusion capabilities (CCICs). 
Read more

Thank you for signing up to our newsletter!

Thank you! RSVP received for Launching the Ransomware Countermeasures Tracker

Thank you for applying! We will be in touch.

Apply for: Launching the Ransomware Countermeasures Tracker

Launching the Ransomware Countermeasures Tracker

Loading...

Loading…