Democrats propose law to mandate disclosure of ransomware payments by US companies


American companies targeted by ransomware attacks would be required to disclose payments made in connection with those incidents under a new law proposed in Congress.

Introduced by Senator Elizabeth Warren (D-MA) and Representative Deborah Ross (D-NC), the Ransom Disclosure Act would, per an announcement from earlier this week:

"[R]equire ransomware victims (excluding individuals) to disclose information about ransom payments no later than 48 hours after the date of payment, including the amount of ransom demanded and paid, the type of currency used for payment of the ransom, and any known information about the entity demanding the ransom."

Additionally, the bill proposes that the U.S. Department of Homeland Security be required to make disclosure information available on an annual basis, though no identifying information about the payees would be disclosed. DHS leadership would also establish a web portal for voluntary disclosure and prepare a study "on commonalities among ransomware attacks and the extent to which cryptocurrency facilitated these attacks and provide recommendations for protecting information systems and strengthening cybersecurity."

"Ransomware attacks are skyrocketing, yet we lack critical data to go after cybercriminals. My bill with Congresswoman Ross would set disclosure requirements when ransoms are paid and allow us to learn how much money cybercriminals are siphoning from American entities to finance criminal enterprises -- and help us go after them," Warren said in a statement.

Ransomware as a cybersecurity challenge has taken on greater prominence over the course of 2021, with the Biden White House as well as Congress pushing for action in this area. Cryptocurrency as a payment method for such attacks has come under scrutiny, as evidenced by the particular nature of the proposed DHS reporting.

A new cryptocurrency-focused team announced Wednesday by the Department of Justice will concentrate in part on "tracing and recovery of assets lost to fraud and extortion, including cryptocurrency payments to ransomware groups."
