Victims of cyberattacks involving ransomware payments would have to report payouts to the Department of Homeland Security (DHS) under the Ransom Disclosure Act proposed by Sen. Elizabeth Warren (D-Massachusetts) and Rep. Deborah Ross (D-North Carolina).
The proposed bill requires business victims of ransomware attacks to disclose the information within 48 hours and divulge the amount of money demanded as well as any payments made. Victims would also be required to hand over any information known about the fraudsters and specify the currency used for payment.
“Ransomware attacks are becoming more common every year, threatening our national security, economy, and critical infrastructure,” Ross said in a press release.
The Ransom Disclosure Act also proposes that ransom information about the previous year's attacks be made public. The DHS would redact all identifying information about the entities paying the ransom.
Under the bill, the DHS would have to establish a website for the reporting of ransomware payments by victims. Further, the Secretary of Homeland Security would be tasked with conducting a study on how cryptocurrency plays into ransomware attacks and the trends regarding ransomware. The study would also offer suggestions for increasing cybersecurity measures.
“Unfortunately, because victims are not required to report attacks or payments to federal authorities, we lack the critical data necessary to understand these cybercriminal enterprises and counter these intrusions. The data that this legislation provides will ensure both the federal government and private sector are equipped to combat the threats that cybercriminals pose to our nation,” Ross said.
Between 2019 and 2020, ransomware attacks spiked 62 percent globally and 158 percent in North America, according to last year’s FBI internet crime report.
“Ransomware attacks are skyrocketing, yet we lack critical data to go after cybercriminals,” Warren said in the press release.
Warren added that the bill would help the government learn “how much money cybercriminals are siphoning from American entities — and help us go after them.”