
Congress Mulls Ban on Big Ransom Payouts Unless Victims Get Official Say-So
2021-11-11 17:54

"Ransomware payments in the U.S. have totaled more than $1 billion since 2020. Most notably, this past May, a Russian ransomware attack forced Colonial Pipeline to shut down oil supplies to the eastern United States before the company paid hackers. As disruptive as this hack was, it pales in comparison to what would happen if America's critical financial infrastructure were to be taken offline," he said.

"That's why I'm introducing the Ransomware and Financial Stability Act of 2021. This bill will help deter, deny and track down hackers who threaten the financial institutions that make the day-to-day economic activity possible. The legislation will also provide long-overdue clarity for financial institutions that look to Congress for rules of the road as ransomware hacks intensify."

"Ransomware is rampaging into a national security threat, and as ransomware gangs become wealthy due to payments, they are further professionalizing and using their ill-gotten gains to fund faster weaponization of exploits and to buy zero-days off the shelf to gain entry for their next round of ransomware," he said via email.

The Digital Shadows Photon Research Team put it all in perspective: the potential ban on big ransomware payments is "yet another part of the recent legislative push towards a stronger foothold on ransomware," the team said in an email to Threatpost on Thursday.

"Banning financial firms from making ransomware payments of more than $100,000 would not necessarily deter them from paying ransoms, however. The cost of a ransomware attack is not from the price of a ransom alone; downtime, recovery and reputational loss could easily cost financial firms over the proposed payment ceiling."

"The bottom line is that ransomware operators will be encouraged by conducting their activity in whatever way makes them money. As long as victims pay, ransomware attacks will almost certainly continue," it said.


News URL

https://threatpost.com/congress-ban-ransomware-payouts/176213/