Bill Would Require Victims to Disclose Ransomware Payments in 48 Hours


A proposed bill would require victims of ransomware to disclose that they had paid a ransom within a 48-hour window.

Inside the Details of the Bill

On October 5, 2021, United States Senator Elizabeth Warren (D-Mass.) announced that she and Representative Deborah Ross (D-N.C.) had introduced the Ransom Disclosure Act.

“Ransomware attacks are skyrocketing, yet we lack critical data to go after cybercriminals,” Senator Warren said, as quoted in a press release. “My bill with Congresswoman Ross would set disclosure requirements when ransoms are paid and allow us to learn how much money cybercriminals are siphoning from American entities to finance criminal enterprises -- and help us go after them.”

The bill itself consists of four main provisions. These are as follows:

  1. Ransomware victims (not including individuals) would need to disclose information about ransom payments within 48 hours after having fulfilled those demands. Such information would need to include the amount of the ransom demanded by the attackers, the date when they paid the ransom, the type of currency they used to pay the ransom, whether the victim was receiving funding from the federal government at the time of payment, and any details they might know about the entity that demanded the ransom.
  2. The U.S. Department of Homeland Security (DHS) would create a website through which individuals could voluntarily report the payment of ransom demands.
  3. DHS would make ransom payment information reported in the previous year available to the public. Before doing so, it would remove any information that someone could use to identify the reporting victims.
  4. The DHS Secretary would review the ransom payment information and use it to analyze ransomware attacks for commonalities such as the extent to which cryptocurrency helped to facilitate payment in the disclosed attacks. They would then submit a report proposing recommendations on how the U.S. government could help to protect information systems and strengthen the nation’s cybersecurity.

Other Counter-Ransomware Efforts at the Federal Level

The Ransom Disclosure Act isn’t the first counter-ransomware effort announced by federal officials in recent weeks. On September 21, for instance, the Office of Foreign Assets Control (OFAC) at the U.S. Department of the Treasury designated cryptocurrency exchange SUEX for its role in helping to facilitate ransomware payments. That same day, OFAC updated its advisory on the sanctions risks that come with paying ransomware attackers. The new version discouraged organizations and users from giving in to ransomware actors’ demands, and it urged them to contact law enforcement in the event they suffered an infection.

Less than two weeks later, the Biden Administration revealed that it was planning to convene a meeting of 30 countries at the White House to cooperate on addressing the ransomware threat. The Administration said that the resulting alliance would specifically work “to accelerate our cooperation in combatting cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically,” as quoted by CNN at the time of the announcement.

Defending Against Ransomware

If passed, it’s unclear what impact the Ransom Disclosure Act would have on compliant ransomware victims. As pointed out by Bleeping Computer, for example, many believe that efforts at forcing victims to disclose ransom payments “would merely result in making ransomware attack repercussions more severe.” Acknowledging that viewpoint, it’s important for organizations to focus on preventing a ransomware infection from occurring in the first place. They can do that by investing in an email security solution that uses multiple layers of analysis to scan incoming messages for indicators of ransomware and other digital threats.

Step up your organization’s anti-ransomware efforts with Zix | AppRiver. We offer Email Threat Protection to prevent infiltration through email, one of the top ransomware threat vectors. It’s also a good time to get proactive with your resilience strategy by implementing Cloud-to-Cloud Backup, so you have access to a clean copy of your data and point-in-time recovery capability in the event of a ransomware attack.