Cybersecurity experts say there are questions about this legislation that need to be addressed.

Edward Gately, Senior News Editor

October 7, 2021

6 Slides

A proposed law, the Ransom Disclosure Act, would give ransomware victims 48 hours to report ransom payments, including type of payment, to the federal government.

U.S. Sen. Elizabeth Warren and U.S. Rep. Deborah Ross introduced the Ransom Disclosure Act this week. The bill provides the Department of Homeland Security (DHS) with data on ransomware payments. The purpose is to bolster the federal government’s understanding of how cybercriminal enterprises operate and develop a fuller picture of the ransomware threat.

Ransomware attacks are skyrocketing, yet we lack critical data to go after cybercriminals,” Warren said when announcing the bill. “My bill with Congresswoman Ross would set disclosure requirements when ransoms are paid and allow us to learn how much money cybercriminals are siphoning from American entities to finance criminal enterprises, and help us go after them.”

U.S. Unprepared to Fight Ransomware

Ransomware attacks are becoming more common every year, threatening national security, the economy and critical infrastructure, Ross said.

“Unfortunately, because victims are not required to report attacks or payments to federal authorities, we lack the critical data necessary to understand these cybercriminal enterprises and counter these intrusions,” she said. “The U.S. cannot continue to fight ransomware attacks with one hand tied behind our back. The data that this legislation provides will ensure both the federal government and private sector are equipped to combat the threats that cybercriminals pose to our nation.”

In addition to the ransom reporting requirement, the Ransom Disclosure Act would require the DHS to:

  • Commission a study on the relationship between ransomware and cryptocurrency.

  • Make public certain information about ransomware from the past year.

  • Establish a site for individuals to voluntarily report ransom payments.

Cybersecurity Experts Have Their Say

Cybersecurity experts have varying thoughts on the legislation.

Tim Wade is technical director and CTO at Vectra.

Wade-Tim_Vectra.jpg

Vectra’s Tim Wade

“While studying and facilitating the voluntary reporting of ransomware payments both sound to be well within reasonable bounds, I question the prudence of compelling non-voluntary disclosure by private parties who determine that such disclosure is not in their best interests, or the best interests of their stakeholders and shareholders,” he said. “Such actions would appear to weaken some standards of privacy, fairness and liberty with respect to individual protections and the choices individuals may make with respect to their best interests within their rights.”

Scroll through our slideshow above for more on the Ransom Disclosure Act and more cybersecurity news.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

 

Read more about:

MSPsChannel Research

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like