Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Cybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and ResilienceCybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
  • About
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    CISA GitHub
    CISA Central
    Contact Us
    Subscribe
    Transparency and Accountability
    Policies & Plans

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. Joint Ransomware Task Force
Share:
A web of cyber iconography.

Joint Ransomware Task Force

The work of this interagency body represents a significant step forward in the U.S. government’s efforts to address the growing threat of ransomware attacks.

Overview

Ransomware incidents continue to affect far too many organizations – shutting down school districts, disabling emergency communications, forcing hospitals to divert patients, causing untold losses to businesses across the country. Countering a threat of this magnitude requires effectively leveraging every available tool – and coordinating each tool to maximize our impact. The Joint Ransomware Task Force (JRTF) is an interagency body established by Congress to achieve this goal. 

As designated in Section 106 of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), JRTF serves as the central body for coordinating an ongoing nationwide campaign against ransomware attacks in addition to identifying and pursuing opportunities for international cooperation. JRTF, co-chaired by CISA and the Federal Bureau of Investigation (FBI), coordinates existing interagency ransomware efforts and identifies new initiatives to effectively leverage the unique authorities and capabilities across the U.S. Government and the private sector to address ransomware threats.

JRTF coordinates, deconflicts, and synchronizes efforts across federal; state, local, tribal, territorial (SLTT); and private sector partners and, when applicable, with international partners. JRTF also leverages ransomware-related centers of excellence and relevant organizations to further the national effort to mitigate the ransomware threat.

Stock image of a globe and cyber

#StopRansomware Guide

Authored in coordination with JRTF in May 2023, the guide is a customer centered, one-stop resource with best practices and ways to prevent, protect and/or respond to a ransomware attack.

Learn More

JRTF Activities

The task force prioritizes the strategic direction of two lines of effort: mitigation/protection and countering/disruption.

Each participating federal agency leverages its existing authorities and capabilities to support JRTF in achieving these objectives. JRTF's activities include:

  • Developing and sharing best practices for preventing and responding to ransomware attacks,
  • Conducting joint investigations and operations against ransomware threat actors, 
  • Providing guidance and resources to organizations that have been victimized by ransomware,
  • Prioritizing operations to disrupt specific ransomware actors,
  • Identifying a list of highest threat ransomware entities updated on an ongoing basis, and
  • Collecting, sharing, and analyzing ransomware trends.

In 2023, JRTF has made important strides in creating a foundation and unifying efforts to advance our shared efforts against ransomware threats, including activities to:

  • Standardize and synchronize federal engagement with ransomware victims to offer services and assess any gaps to ensure that victims of ransomware incidents receive the necessary support to restore services and minimize damage.
  • Collect data and metrics that will improve the cybersecurity community’s collective understanding of ransomware affecting U.S. organizations and trends associated with actors, victims, and impacts, which will in turn inform U.S. government actions to counter the threat, provide more actionable guidance, and evaluate progress.
  • Expand operational collaboration and multi-directional intelligence sharing between JRTF members and non-governmental partners including the private sector and the international community to more effectively prevent, detect, and respond to evolving ransomware campaigns.
  • Examine and compile lessons learned from recent ransomware incidents in key sectors to address gaps in coordination, increase effectiveness of information sharing, and improve the federal government’s response and preparedness posture.
  • Leverage the intelligence collection capabilities of all partners, process intelligence community analysis, and manage intelligence engagement with international partners to drive the planning and execution of synchronized JRTF operations. 
  • Organize existing interagency campaigns to disrupt ransomware actors and strengthen national cyber defense against ransomware operations, while also collaborating with relevant partners on new campaigns efforts.

External Partners Working Group

JRTF’s work to unify capabilities and resources across the U.S. government represents a significant step forward in the U.S. government’s efforts to address the growing threat of ransomware attacks. The task force’s External Partners Working Group will continue to accelerate progress and work with partners across the cybersecurity community, with a focus on operational collaboration with organizations from: 

  • Private sector companies and researchers that have demonstrated expertise on cybercriminal threats or have particular visibility into ransomware threats, ransomware attacks, or the larger cybercrime ecosystem;  
  • Critical infrastructure sectors including the sector risk management agencies (SRMAs) and information sharing and analysis centers (ISACs); and 
  • The international community, including peer cybersecurity, intelligence, and law enforcement agencies in partner countries.  

JRTF, working closely with partners, will drive measurable progress in reducing the prevalence of damaging ransomware events affecting American organizations.

Additional Resources

US Capitol building with cyber nodes

Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA)

Red skull against malicious code

#StopRansomware Joint Cybersecurity Advisories

cybersecurity abstract image

StopRansomware.gov

Report Ransomware

Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback