Two U.S. officials proposed a new bill which targets victims and hackers involved in ransomware attacks amidst a rise in incidences.
The legislation proposes victims of ransomware attacks in the U.S. file an incident report within 48 hours of payment. Senator Elizabeth Warren and House Representative Deborah Ross proposed the bill titled ‘Ransom Disclosure Act’.
Officials in the United States have had their eye on ransomware-related attacks with the increase in incidents in recent years. According to data from SonicWall, a cybersecurity firm, ransomware attacks worldwide saw a 62% increase. In North America alone, they increased by 158%. Additionally, the firm called 2020 the “perfect storm” for such attacks, as the shift to digital increased as a result of the COVID-19 pandemic.
One of the biggest ransomware incidents occurred in May 2021, when the Colonial Pipeline suffered a $5 million attack. The hacker group DarkSide solicited the ransom in crypto, of which the U.S. DOJ recovered more than half. Nonetheless, the increase in incidents attracted a regulatory crackdown. Representative Ross, one of the bill’s authors, cited the incident in a Tweet after the bill surfaced online.
“Ransomware attacks pose serious threats to people in North Carolina & beyond. We saw just how detrimental they can be in the Colonial Pipeline cyber-attack. That’s why I introduced legislation with @SenWarren to bolster our understanding & ways of addressing ransomware payments.”
Bolstering Online Security
The bill supports the Department of Homeland Security’s (DHS) efforts understanding the functionality of cybercriminal gangs and better cybersecurity practices.
- Victims of ransomware attacks (with the exception of individuals) must report information on payments within 48 hours after payment. This includes the amount demanded from the hacker and that paid, along with type currency. In addition, victims must include any known information on the hacker.
- DHS would publicize the information from the previous year, without revealing victim identity.
- DHS must create a website for ransom incident reports.
- Lastly, the DHS should conduct a study on overlapping qualities of ransomware attacks. This must include the extent of crypto-related attacks, along with recommendations for enhanced cybersecurity.
Prior to the proposed bill, the U.S. Treasury said it is preparing new sanctions against hackers and digital currencies as ransomware payments. Moreover, on September 22, 2021, the Treasury sanctioned the crypto exchange Suex for an affiliation with ransomware laundering.
Aside from this new ransomware bill, other crypto related bills are under review from U.S. lawmakers. Most notably the industry rattling tax infrastructure bill, along with a bill which tracks foreign crypto mining.
What do you think about this subject? Write to us and tell us!