Ransomware Task Force Releases Blueprint for Ransomware Defense

Working Group develops clear, actionable framework for ransomware mitigation, response, and recovery

SAN FRANCISCO and EAST GREENBUSH, N.Y., Aug. 4, 2022 – The Ransomware Task Force (RTF) – created by the Institute for Security and Technology (IST) in April of 2021 in response to the emerging national and economic security risk posed by ransomware – today introduced the Blueprint for Ransomware Defense. The report is being released ahead of the Multi-State Information Sharing and Analysis Center’s (MS-ISAC®) 15th Annual ISAC Meeting in Baltimore, Maryland, August 7-10, where the full results will be presented by working group members for the first time.

This Blueprint addresses the call from the RTF Report: Combating Ransomware for the cybersecurity community to "develop a clear, actionable framework for ransomware mitigation, response, and recovery." The Blueprint is comprised of a curated subset of the Center for Internet Security® Critical Security Controls® (CIS Controls®) essential cyber hygiene Safeguards. The Safeguards within Implementation Group 1 (IG1) of the CIS Controls v8 represent a minimum standard of information security for all enterprises.

The Blueprint for Ransomware Defense is a set of actionable and achievable Safeguards aimed at small- and medium-sized enterprises (SMEs). It is not intended to serve as an implementation guide, but rather a recommendation of defensive actions that can be taken to protect against and respond to ransomware and other common cyber attacks. Defensive actions include implementation of controls in areas such as:

  • Enterprise asset and software inventory management
  • Vulnerability management
  • Malware defense
  • Training
  • Data recovery
  • Incident response

“The 40 recommended Safeguards included in the Blueprint have been carefully selected not only for their ease of implementation but their effectiveness in defending against ransomware attacks,” said Valecia Stocchetti, CIS Controls Senior Cybersecurity Engineer and Blueprint for Ransomware Defense co-author. “This has been backed by analysis from the CIS Community Defense Model which found that implementing the Safeguards in this Blueprint defends against over 70% of the attack techniques associated with ransomware.”

According to the U.S. Small Business Administration, there are more than 32 million small businesses in the United States, representing 99% of all firms. However, many of these businesses remain inadequately prepared against the risk of a cyber attack.

“Implementing essential cyber hygiene removes a critical barrier for SMEs with limited cybersecurity expertise in defending against ransomware,” said Aaron McIntosh, Director of Product Marketing at ActZero and co-author of the Blueprint. “By adopting and implementing essential cyber hygiene, SMEs will also have sufficient protection to thwart general and non-targeted cyber attacks, and work with cyber insurers to gain access to additional protections.”

“The Blueprint gives the cyber insurance industry a new tool in our fight against the rise in criminal ransomware attacks,” said Davis Hake, Co-Founder of Resilience. “By providing a practical, data-driven framework that is focused on middle market and small businesses, it is targeted at companies who often struggle the most with defending their systems.”

The Blueprint for Ransomware Defense also aligns with the National Institute of Standards and Technology® (NIST®) Cybersecurity Framework (CSF), focusing on the framework’s five Security Functions – Identify, Protect, Detect, Respond, and Recover – to help enterprises prioritize their efforts to determine a starting point in developing ransomware defenses. 

“The Blueprint’s publication culminates many months of collaborative work and reflects one of the multiple ongoing efforts to implement the Task Force’s recommendations,” said Megan Stifel, Co-Chair of the Ransomware Task Force and Chief Strategy Officer at the Institute for Security and Technology. “We urge all organizations, and especially SMEs, to review this guidance and take action to reduce their ransomware risk. Together we can bolster collective resilience to this threat.”

The IST Ransomware Task Force working group members include ActZero, CIS, Global Cyber Alliance, Resilience, and SecurityScorecard.

About IST

The Institute for Security and Technology (IST) designs and advances solutions to the world’s toughest emerging security threats. We are a nonpartisan, 501(c)(3) nonprofit organization based in the San Francisco Bay Area dedicated to advancing solutions to critical cyber and national security challenges. For more information, visit: securityandtechnology.org or follow us on Twitter: @IST_org.

Media Contact: 

Connor Farry

About CIS

The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Critical Security Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. election offices. To learn more, visit CISecurity.org or follow us on Twitter: @CISecurity.