According to an Oct. 5 article from Bloomberg Law, victims of ransomware attacks would be required to report payments made to hackers within 48 hours under a proposal from Democratic Senator Elizabeth Warren and Democratic Representative Deborah Ross.
The article states that “The Ransom Disclosure Act would give the Department of Homeland Security data on ransomware payments, including the amount of money demanded and paid, and the type of currency used. The lawmakers say this is essential to bolster the U.S. government’s understanding of how hackers operate and the extent of the ransomware threat.”
Further, “Lawmakers and U.S. officials have been pressing for more regulations since the attack on Colonial Pipeline Co. in May forced the shutdown of the nation’s largest fuel pipeline until the company paid $4.4 million in ransom. Other critical infrastructure has also been targeted, including hospitals and food supply chains. The Biden administration recently backed a separate proposal from Democratic Senator Gary Peters and Republican Senator Rob Portman that would require attacks on federal agency networks and contractors to be reported to the Cybersecurity and Infrastructure Security Agency.”
Just last week, reports of the FIN12 ransomware gang stated that the group targets sensitive, high-value targets, like healthcare organizations. Over the past several weeks, cyberattacks ranging from ransomware attacks to data theft or other breaches have impacted at least three southern and central Indiana hospitals.
In an Oct. 6 article from TechCrunch by Carly Page, Page writes that “The Ransom Disclosure Act would also require Homeland Security to set up a website for organizations to voluntarily report payment of ransoms, as well as to share information disclosed during the previous year, excluding identifying information about the entities that paid up. Similar efforts by security researchers already exist.”
That said, “Warren says these measures are needed due to the ‘skyrocketing’ number of ransomware attacks; attacks rose by 158 percent in North America last year, and victims worldwide paid nearly $350 million in ransom—a more than 300 percent increase over 2019, data shows. What’s more, recent research found that ransom payments account for just 20 percent of the total cost of a ransomware attack, with businesses suffering the majority of their losses through lost productivity and post-attack recovery.”
Senator Warren said in a statement that “My bill with Congresswoman Ross would set disclosure requirements when ransoms are paid and allow us to learn how much money cybercriminals are siphoning from American entities to finance criminal enterprises—and help us go after them.”
“Ransomware attacks are becoming more common every year, threatening our national security, economy, and critical infrastructure,” said Congresswoman Ross in a statement. “Unfortunately, because victims are not required to report attacks or payments to federal authorities, we lack the critical data necessary to understand these cybercriminal enterprises and counter these intrusions. I’m proud to introduce this legislation with Senator Warren which will implement important reporting requirements, including the amount of ransom demanded and paid, and the type of currency used. The U.S. cannot continue to fight ransomware attacks with one hand tied behind our back. The data that this legislation provides will ensure both the federal government and private sector are equipped to combat the threats that cybercriminals pose to our nation.”
