Ransomware Countermeasures Tracker

This tracker identifies trends in government actions against ransomware, highlights areas where we see more or less activity, and establishes a baseline of awareness that can support future analyses of government effectiveness.

If you notice any missing data or have additional information, we invite you to contribute to the tracker by filling out this form. We also welcome suggestions for expanding this research. You can contact us at ransomwaretracker@virtual-routes.org.

Why we created the tracker

Governments worldwide have initiated various efforts to combat ransomware, a growing threat that disrupts critical infrastructure, businesses, and individuals. These efforts range from international collaborations to national-level actions, including arrests, sanctions, botnet takedowns, and recovery of ransomware payments. However, the visibility and awareness of these initiatives vary significantly, often leaving gaps in public understanding.

The purpose of this tracker is to identify trends in government actions against ransomware, highlight areas where we see more or less activity, and establish a baseline of awareness that can support future analyses of government effectiveness.

What information is included

The tracker documents concrete actions taken by governments against ransomware or ransomware-related cybercrime. This includes direct actions targeting ransomware groups and measures affecting their modus operandi, such as disrupting botnet infrastructure. Legislative or policy changes and actions by private sector actors are not included. The focus is on executive or judicial measures with direct impacts on ransomware activities.

How we collected the data

The data for this tracker was compiled using:

  • General searches for government actions against ransomware.
  • Reviews of ransomware-related articles on BleepingComputer and other news sites.
  • Targeted searches for actions against specific ransomware groups listed in Coveware’s quarterly “Most Common Ransomware Variants” reports since 2018.
  • Scraping news pages from Europol, Interpol, and stopransomware.gov to identify relevant reports on ransomware-related actions.

This tracker relies on publicly available English and German language sources. While we have high confidence in its coverage of major government actions since 2018, there may be gaps, particularly in lower-level government actions such as advisories on new ransomware tactics, techniques, and procedures (TTPs).

This tracker is based on a dataset developed by Max Smeets for “Ransom War: How Cyber Crime Became a Threat to National Security” and has benefited greatly from Janina Inauen’s research in refining descriptions and verifying cases.

How the data is structured

The data includes the date of the event, the countries or institutions involved, a description of the action, its details, the operation name (if applicable), the category of the event (e.g., arrest, sanction, botnet takedown), the affected ransomware group(s), the level of cooperation (national or international), and source information.

How you can contribute

We aim to keep this tracker up to date despite the rapidly evolving developments in the ransomware landscape. If you notice any missing data or have additional information, we invite you to contribute to the tracker by filling out this form. We also welcome suggestions for expanding this research. You can contact us at ransomwaretracker@virtual-routes.org.
2024
🇧🇪🇳🇱🇺🇸
🇦🇺🇬🇧🇺🇸
🇦🇺🇨🇦🇫🇷🇩🇪🇯🇵🇳🇱🇸🇪🇨🇭🇬🇧🇺🇸
🇦🇺🇧🇬🇨🇦🇪🇪🇫🇮🇩🇪🇯🇵🇱🇹🇳🇱🇵🇱🇰🇷🇬🇧🇺🇸
🇩🇰🇫🇷🇩🇪🇳🇱🇺🇦🇬🇧🇺🇸
🇦🇺🇨🇦🇫🇷🇩🇪🇯🇵🇳🇱🇸🇪🇨🇭🇬🇧🇺🇸
🇦🇺🇬🇧🇺🇸
20/02/2024
🇦🇺🇨🇦🇫🇮🇫🇷🇩🇪🇯🇵🇳🇱🇳🇿🇵🇱🇸🇪🇨🇭🇺🇦🇬🇧🇺🇸
2023
🇨🇿🇫🇷🇩🇪🇮🇹🇯🇵🇱🇻🇳🇱🇪🇸🇸🇪🇺🇦🇺🇸
🇫🇷🇩🇪🇱🇻🇳🇱🇷🇴🇬🇧🇺🇸
🇦🇺🇳🇱🇬🇧🇺🇸
🇦🇺🇨🇦🇩🇰🇪🇪🇫🇮🇫🇷🇩🇪🇮🇹🇳🇱🇳🇿🇵🇱🇷🇴🇪🇸🇸🇪🇨🇭🇬🇧🇺🇸
🇦🇺🇭🇷🇨🇭🇺🇸
🇨🇦🇫🇷🇩🇪🇮🇪🇱🇹🇳🇱🇳🇴🇵🇹🇷🇴🇪🇸🇸🇪🇬🇧🇺🇸
2022
🇩🇪🇺🇸
🇨🇦🇨🇿🇫🇷🇩🇪🇭🇺🇱🇻🇳🇱🇺🇦🇬🇧🇺🇸
2021
🇦🇺🇧🇪🇨🇦🇫🇷🇩🇪🇰🇼🇱🇺🇳🇱🇳🇴🇵🇭🇵🇱🇷🇴🇰🇷🇸🇪🇨🇭🇬🇧🇺🇸
🇫🇷🇩🇪🇳🇱🇳🇴🇨🇭🇺🇦🇬🇧🇺🇸
21/09/2021
🇺🇸
🇰🇷🇺🇸
🇧🇬🇨🇦🇩🇪🇮🇹🇳🇱🇸🇪🇨🇭🇬🇧🇺🇸
🇨🇦🇫🇷🇩🇪🇮🇹🇯🇵🇬🇧🇺🇸
04/02/2021
🇸🇷🇺🇸
🇨🇦🇫🇷🇩🇪🇱🇹🇳🇱🇺🇦🇬🇧🇺🇸
2020
🇫🇷🇩🇪🇳🇱🇨🇭🇺🇸
🇧🇾🇷🇴🇬🇧
2019
2018
2017
🇳🇱🇷🇴🇬🇧🇺🇸
2016
2015
🇳🇱🇺🇸
2014
🇦🇺🇨🇦🇫🇷🇩🇪🇮🇹🇯🇵🇱🇺🇳🇱🇳🇿🇺🇦🇬🇧🇺🇸
2013
2012
2011
2010

Thank you for signing up to our newsletter!
Please check your email and confirm your email address.

Thank you! RSVP received for US DOJ indicts LockBit developer

Thank you for applying! We will be in touch.

Apply for: US DOJ indicts LockBit developer

US DOJ indicts LockBit developer

Loading...

Loading…