US Draft Bill Would Demand Organizations Report Ransomware Payments Within 48 Hours

Bitdefender Mobile Security Price India

Two US lawmakers have submitted a draft bill that could oblige companies and organizations that fall victim to ransomware to disclose any ransom payments within 48 hours of making them.

The Ransom Disclosure Act, drafted by Senator Elizabeth Warren and Representative Deborah Ross, is meant to enhance the Department of Homeland Security‘s understanding of how ransomware gangs operate.

“Ransomware attacks are becoming more common every year, threatening our national security, economy, and critical infrastructure. Unfortunately, because victims are not required to report attacks or payments to federal authorities, we lack the critical data necessary to understand these cyber-criminal enterprises and counter these intrusions,” Ross said. “The data that this legislation provides will ensure both the federal government and private sector are equipped to combat the threats that cybercriminals pose to our nation.”

If passed, the bicameral bill would mandate that organizations in the US give Homeland Security information on the cybercriminal gang and the amount and type of currency used within 48 hours of payment.

The legislation will also require the DHS to set up an online platform where victims can voluntarily report ransomware payments. Moreover, the department would need to publicly disclose information reported the previous year (excluding the organization’s name) and conduct a study on commonalities among ransomware attacks and how cryptocurrency facilitates them.

Based on this study, Homeland Security could provide specific recommendations to protect systems and bolster cybersecurity.

“We lack critical data to go after cybercriminals,” Warren said. “My bill with [Representative] Ross would set disclosure requirements when ransoms are paid and allow us to learn how much money cybercriminals are siphoning from American entities to finance criminal enterprises — and help us go after them.”

The Ransomware Disclosure Act is just a proposal for now. To pass, it needs to be approved by both the House of Representatives and the Senate, then signed by President Joe Biden.