The Clearing House Real-Time Payments Tracker May 2024 Banner

Bill Proposes Deterrents for Ransomware Hackers, Guidelines for Financial Institutions

The U.S. House of Representatives will again consider a bill designed to protect the country’s financial infrastructure from ransomware attacks.

The bipartisan “Ransomware and Financial Stability Act” was reintroduced Thursday (April 11) by House Financial Services Committee Chairman Patrick McHenry, R-N.C., and Rep. Brittany Pettersen, D-Colo., the representatives said in a Thursday press release.

Ransomware is a form of malicious software that infiltrates computer networks and can involve encrypting files and demanding payment in exchange for the decryption keys, PYMNTS reported in February.

In 2023, ransomware payments surpassed $1 billion, according to Chainalysis.

The legislation introduced Thursday includes deterrents targeting hackers as well as guiderails to help financial institutions respond to ransomware attacks, according to the representatives’ press release.

It focuses on critical financial infrastructure, including financial market utilities, large securities exchanges and certain technology service providers that support banks’ core processing services, the release said.

To give institutions a road map for when they are facing a ransomware attack, the bill requires those covered by the rules to notify the Treasury Department before making a ransomware payment and prohibits ransomware payments of more than $100,000 unless authorized by law enforcement or the president, per the release.

The limit on payments is meant to help deter hackers, according to the release.

The bill would also provide legal clarity to those responding to attacks by ensuring that the reports they make to authorities about the attacks are kept confidential and by creating a “safe harbor” for financial institutions that assess a cybersecurity attack or comply with a Ransomware Payment Authorization, per the release.

“The bipartisan Ransomware and Financial Stability Act will help deter, deny and track down cybercriminals who threaten the financial infrastructure that makes everyday economic activity possible,” McHenry said in the release. “Our legislation sets commonsense guardrails to guide how critical institutions respond to ransomware attacks — helping protect both consumers and the financial institutions they rely on.”

Pettersen added that a range of entities have been targeted by ransomware attacks, including one in the oil industry and a state agency.

“The impacts of ransomware attacks on our financial system could be devastating if we don’t intervene,” Pettersen said in the release.