A US Congressman has introduced a new bill meant to curb the rising threat of ransomware attacks. The Bill requires victims to seek “special approval”.
The Bill was introduced by North Carolina’s Patrick McHenry, the senior Republican on the House Financial Services Committee. It requires all victims to report attacks to the Treasury and to seek special approval if they have to pay in excess of $100,000 in ransom.
The Ransomware and Financial Stability Act aims at deterring hackers and “setting commonsense guardrails for financial institutions to respond to ransomware attacks”.
Moreover, the Bill seeks to protect American critical financial infrastructure. It will limit its scope to financial market utilities, large securities exchanges, and certain technology service providers, which are considered essential for banks’ core processing services.
The New US Ransomware Course Route
Any victim of an attack will be required to report it immediately to the Financial Crimes Enforcement Network (FinCEN), a department of the Treasury, before any consideration of a ransomware payment, the Bill states.
Where a payment is made, the victim won’t be permitted to pay more than $100,000 unless authorities issue it with a Ransomware Payment Authorization or it receives a Presidential waiver to protect national interests.
This threshold would essentially mean that virtually all ransomware payments have to get authorization. Hackers targeting businesses rarely ask for anything below $100,000. In fact, in 2020, the average ransomware demand was $847,000, according to a report by cybersecurity giant Palo Alto Networks. This figure shot up 518% in the first half of 2021 to $5.3 million, the firm said in its ransomware report.
Once FinCEN receives the report of a ransomware attack, it must ensure the confidentiality of that information. This will be key if the Bill is to pass into law. For many enterprises, confidentiality is critical.
McHenry commented, “This Bill will help deter, deny, and track down hackers who threaten the financial institutions that make the day-to-day economic activity possible. The legislation will also provide long-overdue clarity for financial institutions that look to Congress for rules of the road as ransomware hacks intensify.”