By visiting our site, you agree to our privacy policy regarding cookies, tracking statistics, etc.
This tracker identifies trends in government actions against ransomware, highlights areas where we see more or less activity, and establishes a baseline of awareness that can support future analyses of government effectiveness.
If you notice any missing data or have additional information, we invite you to contribute to the tracker by filling out this form. We also welcome suggestions for expanding this research. You can contact us at ransomwaretracker@virtual-routes.org.
Governments worldwide have initiated various efforts to combat ransomware, a growing threat that disrupts critical infrastructure, businesses, and individuals. These efforts range from international collaborations to national-level actions, including arrests, sanctions, botnet takedowns, and recovery of ransomware payments. However, the visibility and awareness of these initiatives vary significantly, often leaving gaps in public understanding.
The purpose of this tracker is to identify trends in government actions against ransomware, highlight areas where we see more or less activity, and establish a baseline of awareness that can support future analyses of government effectiveness.
The tracker documents concrete actions taken by governments against ransomware or ransomware-related cybercrime. This includes direct actions targeting ransomware groups and measures affecting their modus operandi, such as disrupting botnet infrastructure. Legislative or policy changes and actions by private sector actors are not included. The focus is on executive or judicial measures with direct impacts on ransomware activities.
The data for this tracker was compiled using:
This tracker relies on publicly available English and German language sources. While we have high confidence in its coverage of major government actions since 2018, there may be gaps, particularly in lower-level government actions such as advisories on new ransomware tactics, techniques, and procedures (TTPs).
This tracker is based on a dataset developed by Max Smeets for “Ransom War: How Cyber Crime Became a Threat to National Security” and has benefited greatly from Janina Inauen’s research in refining descriptions and verifying cases.
The data includes the date of the event, the countries or institutions involved, a description of the action, its details, the operation name (if applicable), the category of the event (e.g., arrest, sanction, botnet takedown), the affected ransomware group(s), the level of cooperation (national or international), and source information.
Loading…