CATEGORIES
home News

Proposed Ransomware Law Would Add Insult To Injury For Hacking Victims

by Tim SweezyFriday, October 08, 2021, 11:16 AM EDT
ransomware1

Ransomware attacks are on the rise, and it may feel like there is no recourse for many victims. A new law has been proposed in the United States by Senator Elizabeth Warren and Congresswoman Deborah Ross to attempt to address that, but with an added dilemma.

The new law, the Ransomware Disclosure Act, would require businesses to disclose any ransom payments within 48 hours of the payment to the Department of Homeland Security (DHS). If the bill passes, victims who decide to pay the ransom will be required to report the payment sum, the currency, and any information they have about those who are demanding payment.

The Ransomware Disclosure Act would not require everyone who is a victim of ransomware to report it to the DHS. It will only be applicable to those who choose to pay the ransom. And this brings about the aforementioned dilemma: to pay and report it, which can be embarrassing for the victim, or not to pay.

Often businesses will opt to pay the ransom because it is the fastest way to recover from the attack. There is a risk in doing business this way, however, because they are not guaranteed their systems will be restored and data returned. Paying the ransom could also make them a more likely target for more attacks in the future.

On the flip side, businesses that decide not to pay the ransom face large losses because of the downtime and could have their reputation damaged if the attacker decides to publish all their data online. Twitch is one recent example where leaked data can result in a loss of reputation.

ransomwarelaw

Senator Warren says about, the Ransomware Disclosure Act (PDF), "Ransomware attacks are skyrocketing, yet we lack critical data to go after cybercriminals. [The bill] would set disclosure requirements when ransoms are paid and allow us to learn how much money cybercriminals are siphoning from American entities to finance criminal enterprises - and help us go after them." She says that the act is designed to give the DHS the vital intelligence it needs to disrupt the economics of ransomware.

Congresswoman Ross added, "Unfortunately, because victims are not required to report attacks or payments to federal authorities, we lack the critical data necessary to understand these cybercriminal enterprises and counter these intrusions."

While ransomware is an issue that needs to be addressed, is the government simply adding insult to injury? Is requiring victims to disclose that they decided to pay the ransom and all the information that goes along with that necessary for the DHS and the US government to combat ransomware more effectively? Let us know your thoughts down in the comments.

Tags:  Hacking, Hack, Hackers, Ransomware, ransomware law
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment