
Ransom Disclosure Act Would Require Victims to Report Payments to DHS

Sen. Elizabeth Warren and Rep. Deborah Ross introduced the Ransom Disclosure Act, which would require ransomware victims to disclose payment information to DHS.


By Jill McKeon

Senator Elizabeth Warren (D-MA) and Representative Deborah Ross (D-NC) introduced the Ransom Disclosure Act, which aims to require ransomware victims to report ransom payment information to the Department of Homeland Security (DHS) while providing the government with critical data on cybercriminal enterprises.

Specifically, the act would require ransomware victims (excluding individuals) to disclose ransom information within 48 hours of the time of payment. Victims must tell DHS the amount of ransom demanded and paid, any known information about the cybercriminals requesting the ransom, and the currency used to pay the ransom, according to the bill.

The Ransom Disclosure Act would also require DHS to disclose ransom information to the public regarding attacks committed during the previous year. To protect victims, DHS will omit any identifying information about the entities that paid ransoms.

DHS would also be required to establish a website where individuals can easily report ransomware payments. The Secretary of Homeland Security would have to conduct a study on ransomware trends and the role of cryptocurrency in facilitating the attacks. In the study, DHS would provide recommendations for strengthening cybersecurity and bolstering information systems.

“Ransomware attacks are becoming more common every year, threatening our national security, economy, and critical infrastructure,” Ross stated in a press release.

“Unfortunately, because victims are not required to report attacks or payments to federal authorities, we lack the critical data necessary to understand these cybercriminal enterprises and counter these intrusions. The data that this legislation provides will ensure both the federal government and private sector are equipped to combat the threats that cybercriminals pose to our nation.”

Ransomware attacks increased by 62 percent worldwide and 158 percent in North America between 2019 and 2020, according to the FBI’s 2020 internet crime report.

A recent report from Mandiant Intelligence discovered that over 70 percent of FIN12 ransomware group’s cyberattacks were targeted at US-based entities. Nearly 20 percent of the group’s attacks were aimed at the healthcare sector.

“Ransomware attacks are skyrocketing, yet we lack critical data to go after cybercriminals,” Warren maintained.

“My bill with Congresswoman Ross would set disclosure requirements when ransoms are paid and allow us to learn how much money cybercriminals are siphoning from American entities to finance criminal enterprises—and help us go after them.”

With additional insight into ransomware trends and cybercriminal group characteristics, the public and private sectors will have a better chance of outsmarting hackers and implementing adequate cybersecurity measures.

Major ransomware groups such as REvil/Sodinokibi, OnePercent, Hive, Conti, and BlackMatter are proving to be significant threats to the healthcare sector in particular. McAfee’s quarterly cyber threat report revealed that REvil/Sodinokibi was connected to 73 percent of ransomware detections in Q2 2021.

The FBI strongly discourages paying ransoms to cybercriminals, since it tends to motivate them to commit more attacks. In addition, paying a ransom does not guarantee that an organization’s data is safe from harm.