Proposed Bill Would Require Public Disclosure of Ransomware Payments

Two U.S. congresswomen introduced a bill that would require ransomware victims to publicly disclose ransom payments to the federal government.

Introducing the ‘Ransom Disclosure Act’

In early October, Senator Elizabeth Warren (D-Mass.) and Representative Deborah Ross (D-N.C.) introduced a bill for the Ransom Disclosure Act.

Senator Warren said the bill has two main goals. First, it would help the U.S. government to learn how ransomware gangs work. Next, it would deepen their knowledge of the larger ransomware threat.

“Ransomware attacks are skyrocketing, yet we lack critical data to go after cyber criminals,” said Senator Warren. “My bill with Congresswoman Ross would set disclosure requirements when ransoms are paid and allow us to learn how much money cyber criminals are siphoning from American entities to finance criminal enterprises ⁠— and help us go after them.”

If passed, entities that paid a ransom must disclose the details to the government within 48 hours. Those specifics would include the date on which the victim received the ransom demand, the date on which they fulfilled it, the amount paid and in what currency.

If passed, the Department of Homeland Security will be responsible for removing identifying information from ransom payment reports. It would organize the reports submitted during the previous year and publish those records. It will also create a website where people can report ransom payments.

At that point, the DHS secretary will analyze those ransom payment records for common factors such as the extent to which threat actors relied on cryptocurrency to run their ..

Support the originator by clicking the read the rest link below.