Warren Drafts ‘Ransom Disclosure Act’ as Ransomware Attacks Increase

2 mins
6 October 2021, 13:20 GMT+0000
Updated by Ryan James
6 October 2021, 13:21 GMT+0000
In Brief
  • Victims of ransomware attacks in the U.S. may soon have to report hacked payments to DHS.
  • Senator Warren along with Representative Deborah Ross are spearheading the bill.
  • Ransomware attacks in the U.S. are up 62% in the last two years.
  • promo

Two U.S. officials proposed a new bill which targets victims and hackers involved in ransomware attacks amidst a rise in incidences. 

The legislation proposes victims of ransomware attacks in the U.S. file an incident report within 48 hours of payment. Senator Elizabeth Warren and House Representative Deborah Ross proposed the bill titled ‘Ransom Disclosure Act’.

Officials in the United States have had their eye on ransomware-related attacks with the increase in incidents in recent years. According to data from SonicWall, a cybersecurity firm, ransomware attacks worldwide saw a 62% increase. In North America alone, they increased by 158%. Additionally, the firm called 2020 the “perfect storm” for such attacks, as the shift to digital increased as a result of the COVID-19 pandemic

One of the biggest ransomware incidents occurred in May 2021, when the Colonial Pipeline suffered a $5 million attack.  The hacker group DarkSide solicited the ransom in crypto, of which the U.S. DOJ recovered more than half. Nonetheless, the increase in incidents attracted a regulatory crackdown. Representative Ross, one of the bill’s authors, cited the incident in a Tweet after the bill surfaced online. 

“Ransomware attacks pose serious threats to people in North Carolina & beyond. We saw just how detrimental they can be in the Colonial Pipeline cyber-attack. That’s why I introduced legislation with @SenWarren  to bolster our understanding & ways of addressing ransomware payments.”

Bolstering Online Security

The bill supports the Department of Homeland Security’s (DHS) efforts understanding the functionality of cybercriminal gangs and better cybersecurity practices. 

In a statement on both of the lawmaker’s websites, the Ransom Disclosure Act contains four main components. 

  • Victims of ransomware attacks (with the exception of individuals) must report information on payments within 48 hours after payment. This includes the amount demanded from the hacker and that paid, along with type currency. In addition, victims must include any known information on the hacker. 
  • DHS would publicize the information from the previous year, without revealing victim identity. 
  • DHS must create a website for ransom incident reports. 
  • Lastly, the DHS should conduct a study on overlapping qualities of ransomware attacks. This must include the extent of crypto-related attacks, along with recommendations for enhanced cybersecurity. 

Prior to the proposed bill, the U.S. Treasury said it is preparing new sanctions against hackers and digital currencies as ransomware payments. Moreover, on September 22, 2021, the Treasury sanctioned the crypto exchange Suex for an affiliation with ransomware laundering. 

Aside from this new ransomware bill, other crypto related bills are under review from U.S. lawmakers. Most notably the industry rattling tax infrastructure bill, along with a bill which tracks foreign crypto mining.  

What do you think about this subject? Write to us and tell us!


BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.