Contact

Ransomware Authority operates as a public-reference provider network covering the ransomware defense service sector across all US jurisdictions. This page describes the available contact channels, the geographic scope of the provider network's coverage, and the information that produces the most efficient response when reaching this office. Inquiries related to provider network providers, research references, and regulatory coverage all follow structured intake processes outlined below.

Additional contact options

Beyond direct messaging, several structured intake channels exist depending on the nature of the inquiry. Provider Network-related submissions — including requests to add, update, or dispute a provider — are processed separately from editorial and research inquiries. The Ransomware Providers section of this provider network provides contextual information on how service providers appear within the network framework, and reviewing that section before submitting a provider-related inquiry reduces back-and-forth substantially.

Inquiries touching on regulatory compliance framing — including coverage of CISA guidance, HIPAA obligations under 45 CFR Part 164, or NYDFS Cybersecurity Regulation requirements under 23 NYCRR 500 — are treated as editorial-scope requests and are routed to the content review process rather than general correspondence. The How to Use This Ransomware Resource page documents the provider network's scope boundaries and helps distinguish which channel applies to a given inquiry type.

For researchers or institutions citing provider network content in formal publications, attribution inquiries follow the editorial channel. Public-sector organizations — including municipal agencies and healthcare entities subject to CIRCIA reporting obligations under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 — may request sector-specific clarifications through the general contact form, noting their sector affiliation in the subject line.

How to reach this office

Contact is handled through the web-based submission form accessible on this page. No telephone intake is operated. All written correspondence submitted through the form enters a documented intake queue, with responses issued in the order received.

Response timelines vary by inquiry category:

  1. Provider corrections or additions — acknowledged within 3 business days; resolution timeline depends on verification complexity.
  2. Editorial and regulatory coverage questions — routed to content review; response issued within 5 business days.
  3. Research and attribution requests — handled within 7 business days, subject to scope assessment.
  4. Urgent incident-context inquiries — flagged by selecting the appropriate priority classification in the form; reviewed ahead of standard queue.

Organizations experiencing an active ransomware incident should contact the FBI's Internet Crime Complaint Center (IC3) at ic3.gov and the Cybersecurity and Infrastructure Security Agency (CISA) via its 24/7 reporting line documented at cisa.gov/report. This provider network does not provide incident response services and cannot substitute for those federal resources.

Service area covered

This provider network operates at national scope, covering all 50 US states and the District of Columbia. The ransomware defense service sector catalogued here includes incident response firms, managed security service providers, digital forensics providers, and backup and recovery specialists operating under US jurisdiction.

Coverage prioritizes service providers operating within the 16 critical infrastructure sectors identified by CISA under Presidential Policy Directive 21 — including healthcare, energy, water systems, financial services, and education. These sectors carry documented ransomware exposure and, in most cases, sector-specific regulatory obligations that intersect with service provider qualifications.

State-specific regulatory environments are reflected where relevant. Providers in New York operating under 23 NYCRR 500 face different qualification expectations than providers in states without an equivalent standalone cybersecurity regulation. Similarly, healthcare-adjacent service providers must demonstrate familiarity with HHS Office for Civil Rights enforcement posture under HIPAA's Security Rule (45 CFR Part 164, Subpart C). Provider Network content distinguishes between providers operating under these distinct regulatory frameworks rather than treating the national market as uniform.

Providers do not extend to non-US service providers unless those providers hold explicit US-market authorization, US-based operational infrastructure, or a documented compliance posture aligned with US federal frameworks including NIST SP 800-61 Rev. 2 (Computer Security Incident Handling Guide, csrc.nist.gov) or NIST SP 800-184.

What to include in your message

Structured, complete submissions reduce processing time and produce more accurate responses. The following breakdown applies by inquiry type:

For provider additions or corrections:
- Full legal name of the organization
- Primary service category (incident response, managed detection, forensics, backup/recovery, or advisory)
- States of operation or licensure where applicable
- Any relevant professional certifications (DFIR credentials, SOC 2 Type II attestation, etc.)
- Specific field or section requiring correction, with a description of the inaccuracy

For editorial and regulatory coverage questions:
- The specific regulation, standard, or guidance document at issue (e.g., CIRCIA, HIPAA Security Rule, PCI DSS v4.0)
- The page or section on Ransomware Authority where the coverage gap or question arises — linking to the Ransomware Provider Network Purpose and Scope page if the question concerns overall coverage boundaries
- Any named public source (CISA advisory, NIST publication, FBI IC3 report) that the inquiry references

For research and attribution inquiries:
- Name of the publishing institution or outlet
- Nature of the publication (peer-reviewed, government report, journalistic, etc.)
- Specific data point or content excerpt being cited
- Intended attribution format

Incomplete submissions without a clear category designation are held pending follow-up clarification, which extends resolution time. The FBI IC3 2023 Internet Crime Report documented 2,825 ransomware complaints in 2023 (FBI IC3 2023 Internet Crime Report), a figure that underscores the scale of the sector this provider network covers and the importance of maintaining accurate, current service-provider information for practitioners navigating it.

Report a Data Error or Correction

Found incorrect information, an outdated fact, or a broken link? Use the form below.

Interested in becoming a verified provider?

[email protected]

Include your business name, location, and services offered.

📜 1 regulatory citation referenced  ·   · 

References

Read Next

Ransomware Listings ANA › Professional Services Authority › National Cyber › Ransomware Network: Purpose and Scope Ransomware Providers The ransomware... Ransomware Directory: Purpose and Scope ANA › Professional Services Authority › National Cyber › Ransomware Network: Purpose and Scope Ransomware Network: Purpose and Scope The... Cybersecurity Directory: Purpose and Scope ANA › Professional Services Authority › National Cyber › Ransomware Network: Purpose and Scope Cybersecurity Network: Purpose and Scope...