Senators introduce bipartisan bill targeting foreign nations that support ransomware

Two bipartisan US senators have introduced a bill that aims to strengthen the cyber security of critical infrastructure and target foreign governments that harbour cyber criminals, in the wake of an increase of cyber attacks on the US.

The “Sanction and Stop Ransomware Act” was introduced yesterday by Republican senator Marco Rubio and Democrat Dianne Feinstein.

It aims to designate as a state sponsor of ransomware any country that the secretary of state determines has provided support for ransomware campaigns, including providing safe haven for individuals or groups. The bill requires the president to impose sanctions and penalties on each state designated as a state sponsor of ransomware, “consistent with sanctions and penalties levied on and against state sponsors of terrorism”.

Furthermore, the legislation also aims to develop regulations for cryptocurrency exchanges to reduce the anonymity of accounts and users suspected of ransomware activity and make these records available to the US government in connection with ransomware incidents. It also looks to require the development of cyber security standards for critical infrastructure entities, which are consistent with existing federal regulations.

Lastly, it requires federal agencies, government contractors, and critical infrastructure operators and owners to report the discovery of “ransomware operations” within 24 hours, consistent with the Rubio-Warner-Collins Cyber Incident Notification Act, which requires government bodies to report “cyber intrusions” within 24 hours.

“Our bill will help the private and public sectors avoid ransomware attacks, reduce incentives to pay ransoms and hold foreign governments accountable if they provide a safe haven for ransomware perpetrators,” said Feinstein.

The bill will now be assigned to a committee to study before being voted on by the House of Representatives where it could then potentially move to the Senate if approved.

At the start of June, the US Department of Justice (DoJ) elevated ransomware investigations to a similar status as that of terrorism, following a series of attacks on the US, including the Colonial Pipeline hack. Internal guidance sent to US attorney’s offices stipulated that ransomware investigations should be centrally coordinated with a new task force in Washington. Investigating officers are then expected to share updated case details and technical information with officials in Washington.