A new US legislative bill, a bicameral effort proposed by Senator Elizabeth Warren and Representative Deborah Ross, was introduced this week. The legislative proposal is called the Ransom Disclosure Act, and it has caused a bit of a stir.
The bill aims to make information disclosure on the part of ransomware victims mandatory, regulated and much more immediate. Under the proposed changes, ransomware victims would need to disclose any payment made to the threat actor involved in the attack, the amount the hackers requested, and the specific currency used in the ransom payment exchange.
The bill is presented as a much-needed tool in understanding the scope and details of ransomware attacks, but it has been regarded by some as a step to put ransomware victims in an even tighter spot and cause more concern for them.
While information disclosure seems like a good thing, and even though the bill does not plan to include company details in the reports to be produced by the Department of Homeland Security, analysts point out that the submitted data is still not properly protected from disclosure requests made under the Freedom of Information Act, or from other possible forms of disclosure.
The situation is further complicated by the fact that almost all ransomware threat actors have adopted multiple avenues of extortion. Ransomware gangs now commonly threaten to leak significant amounts of exfiltrated sensitive victim information if the victim so much as contacts the authorities. If the bill is passed, this would leave ransomware victims with no choice and would no doubt lead to significant leaks of sensitive information in future attacks.
A point could be made that victims of more common everyday crimes, such as burglaries, are not required by law to report the crime to the police. Extending this line of thought, some believe ransomware victims who did not have data exfiltrated from their network should not be forced to report the attack either. However, in the past few months almost every single ransomware attack was accompanied by data theft and exfiltration, so this scenario is not very common in reality. Ransomware has been on the rise for several years now, with reports stating that just over the course of the global Covid-19 pandemic that started in early 2020, ransomware attacks have grown a staggering 72 percent.