A U.S. congressman has introduced a new bill with an aim to curb the rising threat of ransomware attacks. The bill requires all victims to report the attacks to the Treasury and seek special approval if they have to pay $100,000 in ransom. The new bill was introduced by North Carolina’s Patrick McHenry, the senior Republican on the House Financial Services Committee.
The Ransomware and Financial Stability Act aims to curb ransomware attacks.
The Ransomware and Financial Stability Act aims at deterring hackers and “setting commonsense guardrails for financial institutions to respond to ransomware attacks.” The bill is seeking to focus on protecting America’s critical financial infrastructure. It will limit its scope to financial market utilities, large securities exchanges, and certain technology service providers that it considers essential for banks’ core processing services. According to the bill, any victim of a ransomware attack will be required to report immediately to the Financial Crimes Enforcement Network (FinCEN) before any consideration of a ransomware payment.
Any ransomware victim won’t be permitted to pay more than $100,000 without permission.
Any victim of a ransomware attack won’t be permitted to pay more than $100,000 unless authorities issue it with a Ransomware Payment Authorization or it receives a Presidential waiver to protect national interests. This threshold would essentially mean that virtually all ransomware payments have to get authorization. Hackers targeting businesses rarely ask for anything below $100,000. In fact, in 2020, the average ransomware demand was $847,000, according to a cybersecurity giant Palo Alto Networks report. This figure shot up 518% in the first half of 2021 to $5.3 million, the firm said in its ransomware report.