New US bill to bar ransomware payments above $100,000

Getting your Trinity Audio player ready...

A U.S. congressman has introduced a new bill that’s meant to curb the rising threat of ransomware attacks. The bill requires all victims to report the attacks to the Treasury and to seek special approval if they have to pay in excess of $100,000 in ransom.

The bill was introduced by North Carolina’s Patrick McHenry, the senior Republican on the House Financial Services Committee. The Ransomware and Financial Stability Act aims at deterring hackers and “setting commonsense guardrails for financial institutions to respond to ransomware attacks.”

The bill is seeking to focus on protecting America’s critical financial infrastructure. It will limit its scope to financial market utilities, large securities exchanges, and certain technology service providers that it considers essential for banks’ core processing services.

Any victim of a ransomware attack will be required to report immediately to the Financial Crimes Enforcement Network (FinCEN), a department of the Treasury before any consideration of a ransomware payment, the bill states.

In cases of ransomware payments, the victim won’t be permitted to pay more than $100,000 unless authorities issue it with a Ransomware Payment Authorization or it receives a Presidential waiver to protect national interests.

This threshold would essentially mean that virtually all ransomware payments have to get an authorization. Hackers targeting businesses rarely ask for anything below $100,000. In fact, in 2020, the average ransomware demand was $847,000, according to a report by cybersecurity giant Palo Alto Networks. This figure shot up 518% in the first half of 2021 to $5.3 million, the firm said in its ransomware report.

Once FinCEN receives the report of the ransomware attack, it must ensure confidentiality of such information. This will be key if the bill is to push through into law. For many enterprises, confidentiality is critical. This is why most victims have opted to meet huge ransomware demands just to keep the attacks under wraps.

McHenry commented, “This bill will help deter, deny, and track down hackers who threaten the financial institutions that make day-to-day economic activity possible. The legislation will also provide long overdue clarity for financial institutions that look to Congress for rules of the road as ransomware hacks intensify.”

Watch: U.S. Congressman Patrick McHenry on Blockchain Policy Matters with Bitcoin Association’s Jimmy Nguyen