U.S. Reps. Patrick McHenry (R-NC) and Brittany Pettersen (D-CO) introduced legislation last week that is designed to deter hackers and establish guide rails for financial institutions to respond to ransomware attacks.
Specifically, the Ransomware and Financial Stability Act seeks to deter hackers by prohibiting large ransomware payments in excess of $100,000 unless law enforcement provides a Ransomware Payment Authorization or the President determines a waiver is in the U.S. national interest. It also requires covered entities to notify the Treasury Department before making a ransomware payment.
It also ensures reports made by institutions to authorities about ransomware attacks are kept confidential. In addition, it gives clarity to financial institutions, including ransomware payment processors, by creating a safe harbor when they assess a cybersecurity attack or comply with a Ransomware Payment Authorization.
“Ransomware attacks pose a serious threat to the stability of our financial system,” McHenry said. “The bipartisan Ransomware and Financial Stability Act will help deter, deny, and track down cyber criminals who threaten the financial infrastructure that makes everyday economic activity possible. Our legislation sets commonsense guardrails to guide how critical institutions respond to ransomware attacks—helping protect both consumers and the financial institutions they rely on. I’m proud to reintroduce this bill with Congresswoman Pettersen and continue the Committee’s work to hold bad actors accountable.”
McHenry is the chairman of the House Financial Services Committee.
“For years, criminals have been utilizing ransomware to scramble organization’s data and then blackmail them into paying ransoms before releasing the information. These scams can have major impacts on everything from oil with the Colonial Pipeline to state agencies like an attack in recent years on the Colorado Department of Transportation,” Pettersen, a member of the House Financial Services Committee, said. “The impacts of ransomware attacks on our financial system could be devastating if we don’t intervene.”