Sen. Elizabeth Warren, D-Mass., and Rep. Deborah Ross, D-N.C., introduced a bicameral bill this week that would require ransomware victims to report to the government when they have paid a ransom, with an aim of bolstering the flow of critical cybersecurity data.
“Ransomware attacks are skyrocketing, yet we lack critical data to go after cybercriminals,” Sen. Warren said in a press release. “My bill with Congresswoman Ross would set disclosure requirements when ransoms are paid and allow us to learn how much money cybercriminals are siphoning from American entities to finance criminal enterprises – and help us go after them.”
The Ransom Disclosure Act would provide the data to the Department of Homeland Security (DHS), and direct the agency to make a public website for individuals to report ransom payments, publish the disclosed data from the previous year (excluding identifying information of ransomware victims), and conduct a study on commonalities between ransomware attacks.
The DHS study would aim to discover how cryptocurrency plays a role in these attacks and provide cybersecurity recommendations to better protect and strengthen information systems.
The legislation would require ransomware victims, excluding individuals, to report their ransom payments within 48 hours of the date of payment. Additionally, the victims would need to include information regarding “the amount of ransom demanded and paid, the type of currency used for payment of the ransom, and any known information about the entity demanding the ransom.”
“Ransomware attacks are becoming more common every year, threatening our national security, economy, and critical infrastructure,” said Rep. Ross. “Unfortunately, because victims are not required to report attacks or payments to Federal authorities, we lack the critical data necessary to understand these cybercriminal enterprises and counter these intrusions.
“I’m proud to introduce this legislation with Senator Warren which will implement important reporting requirements, including the amount of ransom demanded and paid, and the type of currency used,” she added. “The U.S. cannot continue to fight ransomware attacks with one hand tied behind our back. The data that this legislation provides will ensure both the Federal government and private sector are equipped to combat the threats that cybercriminals pose to our nation.”
According to the press release, ransomware victims paid nearly $350 million in 2020 – a more than 300 percent increase over the previous year. What’s more, the average ransom payment increased by 170 percent to $312,000.