US Senator Elizabeth Warren and Representative Deborah Ross introduced legislation that gives the Department of Homeland Security more data on ransomware payments.
The Ransomware Disclosure Act, introduced Wednesday (October 6), is designed to better understand how cybercriminals work and provide a better picture of the global ransomware threat.
“Ransomware attacks are skyrocketing, but we lack critical data to prosecute cybercriminals,” said Warren, Massachusetts Democrat and 2020 presidential candidate.
“My bill with MP Ross would establish disclosure requirements when ransoms are paid and let us know how much money cybercriminals are siphoning from US entities to fund criminal enterprises – and help us prosecute them,” said Warren.
“Ransomware attacks are becoming more and more common every year, threatening our national security, our economy and our critical infrastructure,” said Ross, a Democrat from North Carolina.
“Unfortunately, because victims are not required to report attacks or payments to federal authorities, we lack the critical data necessary to understand these cybercriminal businesses and counter these intrusions. “
Ransomware attacks in North America increased 158% between 2019 and 2020, compared to a 62% increase globally.
The FBI received nearly 2,500 ransomware complaints in 2020, a 20% increase from the previous year.
Some of these attacks involved major infrastructure, such as the Colonial Pipeline, a crucial East Coast fuel source, and JBS, one of the country’s largest meat suppliers, leading the White House to establish a task force to deal with ransomware.
Read more: White House ransomware task force tries to stem the tide of attacks
Warren and Ross’ legislation will require businesses and organizations that are victims of ransomware to disclose information about ransom payments within 48 hours of payment, including the amount of ransom requested and paid, the currency used for payment, and any information about the entity demanding the ransom.
It would also require DHS to publish information that leaked in the previous year and set up a website where people can voluntarily report payments.