Security News > 2021 > October > Ransom Disclosure Act would give victims 48 hours to report payments
Victims of ransomware attacks in the United States may soon have to report any payments to hackers within 48 hours, according to a new legislation proposal titled the 'Ransom Disclosure Act'.
Require ransomware victims to disclose information about ransom payments no later than 48 hours after the date of payment, including the amount of ransom demanded and paid, the type of currency used for payment of the ransom, and any known information about the entity demanding the ransom;.
Require DHS to establish a website through which individuals can voluntarily report payment of ransoms;.
The approach of forcing victims to disclose payments to hackers has always been met with controversy, as many believe that it would merely result in making ransomware attack repercussions more severe.
The case becomes particularly complicated when the ransom payment ends up in the pockets of an entity that is sanctioned in the U.S. The Treasury Department has recently updated its advisory to American companies, to emphasize that they are prohibited from paying actors in embargoed countries and entities in the SDN List.
Eliminating the risk completely is practically impossible, so in many cases, the Ransom Disclosure Act will just play the role of an additional burden.