Lawmakers Could Bar Private Company Ransomware Payments

Lawmakers could introduce legislation banning private companies from making ransomware payments, MarketWatch reported.

Sen. Gary Peters of Michigan, the chairman of the Senate Homeland Security Committee, said during a Washington Post Live event that Congress is “not closing the door” on banning the payments, according to the report. He cited a $100 million Cyber Response and Recovery Fund in the bipartisan infrastructure bill from the summer, which was a move, in part, to cut down on the number of companies that feel they need to make the payments.

The FBI has said companies shouldn’t pay ransom to the fraudsters hacking computer networks, but private companies have been able to go their own way if they choose, the report stated.

Peters said the focus should be on “working with companies to understand that there are alternatives to paying a ransom, particularly if they get assistance from the federal government and look at the federal government as a partner,” according to the report.

The news coincides with an uptick in cyberattacks since the beginning of the pandemic. In June, President Joe Biden met with Russian President Vladimir Putin and pressed him to crack down on what he claimed were cybercrimes originating within Russian borders. Biden named 16 “critical infrastructure” sectors, from the energy industry to water systems, which should be “off-limits” to ransomware attacks, the report stated.

And earlier in October, the Biden administration put together a global summit to fight ransomware, bringing together leaders from more than 30 nations for virtual sessions, according to the report.

Meanwhile, a Treasury Department report stated American banks have recorded around $600 million in suspected ransomware payments in the first half of 2021. That is more than the total for the entirety of 2020.

The report came with guidance that organizations need to follow to fight cyberattacks, including that businesses take more responsibility for stopping attacks and not pay ransom. Refusal to follow the guidance can end with penalties from the executive branch.