United States Senator Elizabeth Warren (D-Mass.) and Representative Deborah Ross (D-N.C.) introduced the Ransom Disclosure Act on Tuesday. It sets disclosure requirements for victims of ransomware.
Ransom Disclosure Act
Under the bill, victims of ransomware who pay their attackers would have to report the payment within 48 hours. Information would include the amount of ransom demanded and paid, the type of currency used for payment of the ransom, and any known information about the entity demanding the ransom.
Next, the bill would require the Department of Homeland Security (DHS) to publicly share information disclosed during the previous year, excluding identifying information about the entities that paid ransoms. The DHS would also be required to set up a website for individuals to voluntarily report payment of ransoms.
Finally, it would direct the Secretary of Homeland Security to conduct a study on commonalities among ransomware attacks and the extent to which cryptocurrency facilitated these attacks and provide recommendations for protecting information systems and strengthening cybersecurity.
As the report shows, these attacks are increasing. Between 2019 and 2020, ransomware attacks rose by 62% worldwide and 158% in North America. In 2020, the FBI received nearly 2,500 ransomware complaints, up 20% from 2019, which identified losses of over US$29 million.