Warren Calls for Stronger Ransomware Law

ransomware

U.S. Sen. Elizabeth Warren and Rep. Deborah Ross have introduced legislation that gives the Department of Homeland Security more data on ransomware payments.

The Ransomware Disclosure Act, introduced Wednesday (Oct. 6), is designed to provide a greater understanding of how cybercriminals operate and give a better picture of the overall ransomware threat.

“Ransomware attacks are skyrocketing, yet we lack critical data to go after cybercriminals,” said Warren, a Democrat from Massachusetts and 2020 presidential candidate.

“My bill with Congresswoman Ross would set disclosure requirements when ransoms are paid and allow us to learn how much money cybercriminals are siphoning from American entities to finance criminal enterprises — and help us go after them,” Warren said.

“Ransomware attacks are becoming more common every year, threatening our national security, economy, and critical infrastructure,” said Ross, a North Carolina Democrat.

“Unfortunately, because victims are not required to report attacks or payments to federal authorities, we lack the critical data necessary to understand these cybercriminal enterprises and counter these intrusions.”

Ransomware attacks in North America increased by 158 percent between 2019 and 2020, compared to a 62 percent rise worldwide.

The FBI received close to 2,500 complaints about ransomware in 2020, a 20 percent increase from the year before.

Some of these attacks have involved major pieces of infrastructure, such as the ones on the Colonial Pipeline, a crucial East Coast fuel source, and JBS, one of the country’s largest meat suppliers, leading the White House to institute a task force to deal with ransomware.

Read more: White House Ransomware Task Force Tries To Stem The Tide Of Attacks

The legislation by Warren and Ross will require companies and organizations that are ransomware victims to disclose information about ransom payments within 48 hours after the payment has been made, including the amount of ransom demanded and paid, the currency used for payment and any information about the entity demanding the ransom.

It would also require DHS to publicize the information disclosed during the previous year and set up a website where people can voluntarily report payments.