The bill mandates disclosure of financial information regarding ransom payments by victims
In a bid to better understand how ransomware operations are executed, the United States Senator Elizabeth Warren and Representative Deborah Ross introduced the Ransom Disclosure Act in Congress yesterday.
The bill, if passed, will mandate victims of ransomware attacks to report the incident to the Department of Homeland Security (DHS) and provide information regarding the financial transactions conducted as part of the ransom payment.
Growing crypto adoption in the United States has also allowed cybercriminals to increasingly demand a ransom payment in cryptocurrencies, owing to the anonymity offered by transactions conducted via digital assets.
The Ransom Disclosure Bill will seek to explore how financial regulators and investigators can gain critical data on such transactions to develop a fuller picture of the operations of cybercriminal enterprises and protect investors from being victimised by such schemes.
Calling the skyrocketing number of ransomware attacks a national security, economic and critical infrastructure threat, Congresswoman Ross stated that the bill would implement disclosure requirements including the amount of ransom demanded and paid, the type of currency used and any known information about the entity demanding ransom.
“The U.S. cannot continue to fight ransomware attacks with one hand tied behind our back,” the Congresswoman added.
The bill requires that the victims of ransomware attacks disclose the above information within 48 hours of the time of payment through a website to be established by the DHS. This will equip the regulators with the necessary tools to learn how much money is being lost to cybercriminals by American entities and how such intrusions can be countered, Senator Warren stated.
The bill will also require the DHS to study the cases and find commonalities to determine the extent to which cryptocurrencies facilitated the attacks. The recommendations received based on this information are expected to be reflected in future laws aimed at strengthening the country’s cybersecurity.
Ransomware attacks have increased by 158% in North America between 2019 and 2020, with the FBI receiving over 2,500 complaints and the total ransom paid worth $29 million in 2020 alone. Worldwide, ransomware attacks rose by 62% with average ransom payment increasing by 170% to $312,000.