A new bill introduced this week would mandate that victims of ransomware attacks disclose payments made to hackers to the Department of Homeland Security (DHS).
The Ransom Disclosure Act requires victims to report ransoms within 24 hours of payment.
The bill also mandates DHS to make payment information available to the public via a website.
Ransomware attacks have been on the rise in recent years, targeting public and private institutions. This year’s high-profile victims included D.C.’s police department and the Colonial Pipeline.
Cyberattacks rose 62% from 2019 to 2020 worldwide, according to a report from cybersecurity company SonicWall.
Sen. Elizabeth Warren (D-Mass.) and Rep. Deborah Ross (D-N.C.) are co-sponsoring the bill.
In a statement, Warren said the bill will “allow us to learn how much money cybercriminals are siphoning from American entities to finance criminal enterprises—and help us go after them.”
“Unfortunately, because victims are not required to report attacks or payments to federal authorities, we lack the critical data necessary to understand these cybercriminal enterprises and counter these intrusions,” Ross also said in the statement.
Colonial Pipeline paid $5 million to the cybercrime gang that attacked it. Though the government retrieved much of that money, it shows that these attacks can be large windfalls for criminals.
“The U.S. cannot continue to fight ransomware attacks with one hand tied behind our back,” Ross said.