New law may require companies to report to the FBI if they have paid the ransom 48 hours after a cyberattack

U.S. lawmakers have submitted their proposal for the Ransom Disclosure Act, which seeks to provide the Department of Homeland Security (DHS) with critical information about ransom payments made after ransomware attacks, in order to improve authorities' understanding of how these cybercriminal groups operate and to find better mechanisms to combat this illegal activity.

Senator Elizabeth Warren, one of the proponents, believes this bill is necessary because of the spike in these infections: “Ransomware attacks have skyrocketed and we lack critical information to go after these criminals; my project will establish disclosure requirements when an affected organization makes a ransom payment, which will allow us to know how much money ransomware operators are generating and thus know more about their capabilities.”


Rep. Deborah Ross also joined the project, as she believes the means to collect this information are needed: “Unfortunately ransomware victims are not required to report these attacks or their consequences to any authority, which makes it difficult to understand these attacks and counter cybercriminals.”

The proposal has four main points, presented below:

  • Require ransomware victim organizations to disclose information about ransom payments no later than 2 days after making the payment, in addition to specifying the type of cryptocurrency used and any other details about the payment
  • Require DHS to make public ransomware information disclosed during the previous year, excluding information about entities that paid ransoms
  • Require DHS to establish a website through which individuals can voluntarily report the payment of a ransom
  • Order the Secretary of Homeland Security to conduct an analysis on the commonalities between ransomware attacks and the extent to which the use of cryptocurrency facilitated these attacks

Ransomware attacks have become one of the most significant security threats to the U.S. government, impacting critical infrastructure such as hospitals, health centers, universities, and military installations. According to US government data, between 2019 and 2020 ransomware attacks increased by up to 158%, so it is necessary for the authorities to address these attacks in a new way.
