A bill designed to increase the visibility of foreign ransomware attackers has passed in the US House of Representatives.
The Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act (also known as the RANSOMWARE Act) will make it easier for the US to respond to ransomware attacks from foreign adversaries according to its author, Republican Florida Representative Gus Bilirakis.
The proposed legislation would amend the 2006 US Safe Web Act by mandating reporting of cross-border complaints relating to ransomware and other attacks.
The RANSOMWARE Act focuses on Russia, China, North Korea, and Iran, specifically identifying these countries when referring to alleged perpetrators of ransomware attacks. It targets individuals, governments, or other organizations in those countries accused of committing ransomware attacks against the US.
Under the law, the Federal Trade Commission (FTC) would send a report to the House Committee on Energy and Commerce and the Senate Committee on Commerce, Science, and Transportation every two years. The report would outline cross-border complaints received by the FTC, broken down by the alleged perpetrator.
The report would include the number of complaints involving ransomware, and a list of those that the FTC had acted upon or not acted upon.
In the bill, Bilirakis calls for the FTC to identify foreign agencies with which it has cooperated, and the results that it achieved. It would also identify any litigation that it had bought in foreign courts, noting the outcome.
“We have seen an increase in cyber crimes against Americans,” Bilirakis said, announcing the bill. “These incidents underscore the importance of fortifying and modernizing our critical infrastructure to prevent and respond to cyber-attacks.”
Bilirakis introduced the legislation, HR 4551, in July 2021. It must now pass through the Senate before reaching the president’s desk.