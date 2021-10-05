Businesses may soon be required to reveal ransomware payouts.

Senator Elizabeth Warren of Massachusetts and Representative Deborah Ross of North Carolina announced the launch of the Ransom Disclosure Act today in a news release, which would oblige businesses that are victims of ransomware attacks to disclose payment details.

Victims of attacks would be obliged to report information to the Department of Homeland Security (DHS) within 48 hours of payment, including the amount paid, the currency used, and any information about the entity demanding the ransom.

According to Warren and Ross, the Department of Homeland Security will obtain data on ransomware payments as a result of the bill’s passage, which will help them better understand how cybercriminal companies work.

“Ransomware attacks are on the rise, yet we lack essential information to pursue cybercriminals,” Warren said in a statement. “My bill, which I co-sponsored with Congresswoman Ross, would mandate transparency when ransoms are paid, allowing us to determine how much money hackers are siphoning from American entities to fund criminal enterprises and assisting us in our pursuit of them.”

Ransomware assaults increased by 62 percent globally and 158 percent in North America between 2019 and 2020, according to data from cybersecurity firm SonicWall included in the press release. In 2020, the FBI received around 2,500 ransomware reports, up 20% over the total recorded in 2019.

The size and frequency of these attacks have a negative impact on these businesses and the American economy as a whole. Attacks can not only shut down organizations that provide crucial services, but they also cost over $29 million in 2020, according to the SonicWall research.

While the bill’s main focus is on requiring victims to report ransom payments to the Department of Homeland Security, it also includes three other criteria.

The Department of Homeland Security would have to make the information it collects on attacks public, with the exception of identifying information on the businesses involved. It would also necessitate a DHS portal via which victims may report ransom payments. Finally, it would order the DHS secretary to conduct a study on the commonalities across attacks, as well as the involvement of cryptocurrencies in them.

“Unfortunately, we lack the essential data needed to understand these cybercriminal businesses and resist these incursions since victims are not obligated to report attacks or payments to federal authorities,” Ross added. “The United States cannot continue in this manner. This is a condensed version of the information.