Elizabeth Warren’s ransomware bill would require cryptocurrency disclosures from victims

Sen. Elizabeth Warre
Sen. Elizabeth Warren.

  • A new bill would require ransomware victims to disclose the type of crypto they used to pay hackers.
  • The Ransom Disclosure Act is proposed by Sen. Elizabeth Warren and Rep. Deborah Ross.
  • The bill comes as ransomware attacks grew 62% worldwide and 158% in North America alone.

A new ransomware bill would require victims to disclose the type of cryptocurrency they used to pay their hackers within 48 hours after the transaction has been made.

The Ransom Disclosure Act, proposed by Democrats Sen. Elizabeth Warren and Rep. Deborah Ross, would also mandate compromised entities (not individuals) to give the Department of Homeland Security data on ransomware payments, including the amount demanded and the sum paid.

The bill also requires the DHS to publish pertinent information reported the previous year, create a website where individuals can voluntarily report payment of ransoms, and conduct a study on how cryptocurrency facilitated the attacks.

Separately, Democratic senators introduced bipartisan legislation on Monday requiring companies to report cyberattacks to the government.

The legislation comes as ransomware attacks grew 62% worldwide and 158% in North America alone – data from cybersecurity firm SonicWall’s 2021 report show – posing significant security threats and impacting critical infrastructure from military facilities to medical centers.

Cybercriminals often encrypt crucial files of businesses and hold the data for ransom until they are paid an amount in crypto. Cryptocurrencies such as bitcoin have been the favored payment method of hackers, as ownership can be difficult to trace.

These methods were on display during the Colonial Pipeline ransomware attack in April, which led to gas shortages and outages up and down the East Coast. A similar attack soon followed, with JBS, the world’s largest meat producer, falling victim.

At present, victims are not required to report attacks or ransom payments to federal authorities.

“Ransomware attacks are skyrocketing, yet we lack critical data to go after cybercriminals,” Warren said in a statement.