News

Launching the Ransomware Countermeasures Tracker

Research & Analysis

We are excited to announce the Ransomware Countermeasures Tracker, a resource created to identify trends in government actions against ransomware, highlight areas where we see more or less activity, and establish a baseline of awareness that can support future analyses of government effectiveness.

You can access the tracker here.

Why we created the tracker

Governments worldwide have initiated various efforts to combat ransomware, a growing threat that disrupts critical infrastructure, businesses, and individuals. These efforts range from international collaborations to national-level actions, including arrests, sanctions, botnet takedowns, and recovery of ransomware payments. However, the visibility and awareness of these initiatives vary significantly, often leaving gaps in public understanding.

The purpose of this tracker is to fill this gap, enabling all researchers to better understand and improve government countermeasures against ransomware.

What information is included

The tracker documents concrete actions taken by governments against ransomware or ransomware-related cybercrime. This includes direct actions targeting ransomware groups and measures affecting their modus operandi, such as disrupting botnet infrastructure. Legislative or policy changes and actions by private sector actors are not included. The focus is on executive or judicial measures with direct impacts on ransomware activities.

How we collected the data

The data for this tracker was compiled using:

  • General searches for government actions against ransomware.
  • Reviews of ransomware-related articles on BleepingComputer and other news sites.
  • Targeted searches for actions against specific ransomware groups listed in Coveware’s quarterly “Most Common Ransomware Variants” reports since 2018.
  • Scraping news pages from Europol, Interpol, and stopransomware.gov to identify relevant reports on ransomware-related actions.

This tracker relies on publicly available English and German language sources. While we have high confidence in its coverage of major government actions since 2018, there may be gaps, particularly in lower-level government actions such as advisories on new ransomware tactics, techniques, and procedures (TTPs).

This tracker is based on a dataset developed by Max Smeets for "Ransom War: How Cyber Crime Became a Threat to National Security" and has benefited greatly from Janina Inauen’s research in refining descriptions and verifying cases.

How the data is structured

The data includes the date of the event, the countries or institutions involved, a description of the action, its details, the operation name (if applicable), the category of the event (e.g., arrest, sanction, botnet takedown), the affected ransomware group(s), the level of cooperation (national or international), and source information.

How you can contribute

We aim to keep this tracker up to date despite the rapidly evolving developments in the ransomware landscape. 

If you notice any missing data or have additional information, we invite you to contribute to the tracker by filling out this form. We also welcome suggestions for expanding this research. You can contact us at ransomwaretracker@virtual-routes.org.

Similar posts

Virtual Routes at the 2024 Internet Governance Forum

In December 2024, Virtual Routes co-organised two sessions at the United Nations Internet Governance Forum (IGF) in Riyadh, Saudi Arabia, with the Royal United Services Institute (RUSI).

AI and cybersecurity at Black Hat Europe

On December 10th, Virtual Routes co-director James Shires joined a panel of experts at the AI Summit at BlackHat Europe on "Navigating Standards, Regulations, and Risk Management in AI for Cybersecurity." His remarks focused on the evolving relationship between artificial intelligence and cybersecurity, and implications for governance, regulation, and education.

Virtual Routes welcomes Jamie Collier as Senior Research Associate

Dr Jamie Collier is the Lead Threat Intelligence Advisor in EMEA at Google Cloud. He works with organisations to help them understand their threat landscape and build threat intelligence capabilities.

Thank you for signing up to our newsletter!
Please check your email and confirm your email address.

Thank you! RSVP received for Launching the Ransomware Countermeasures Tracker

Thank you for applying! We will be in touch.

Apply for: Launching the Ransomware Countermeasures Tracker

Launching the Ransomware Countermeasures Tracker

Loading...

Loading…