US Senators Urge CISA to Incorporate Rules for Ransomware Reporting

US senators have urged the CISA to enforce new ransomware reporting rules amid a sharp increase in the attacks targeting various corporations. 

According to the report on ransomware issued on May 24, US Senate Homeland Security and Governmental Affairs Committee have urged the Cybersecurity and Infrastructure Security Agency (CISA) to incorporate new rules for ransomware reporting as soon as possible to prevent the rising attacks. The US schools, local government and healthcare facilities have been prime targets of these attacks since 2,323 ransomware attacks have been reported in 2021. 

The chairman Gary Peters and his staff conducted interviews with the federal law enforcement and regulatory agencies that assist the ransomware victims. “Each of the interviewees advocated for increased data collection regarding illicit actors’ methods and ransom payments to better understand the ever-evolving landscape of ransomware attacks and illicit uses of cryptocurrency.” as mentioned in the report. 

Efforts for a cyber incident reporting bill to be passed and signed into law earlier this year were carried out by Peters, in which organisations have to report data breaches in 72 hours and ransomware payments in 24 hours to CISA. It may take years for the law to be fully incorporated.

The FBI received 3,729 complaints reporting a loss of more than $49.2 million. The Committee repeatedly claimed throughout the report that the legislators are unsure about what policy should be implemented to combat these ransomware attacks due to the lack of data. 

A statement issued by the Committee stated “The lack of data on ransomware attacks and cryptocurrency ransom payments blunts the effectiveness of available tools for fighting ransomware attacks including U.S. sanctions, law enforcement efforts, and international partnerships, among other tools.”

The report put forwards the recommendations for the CISA to incorporate a new ransomware payment reporting mandate as quickly as possible and standardize the existing federal law on ransomware incidents to enable comprehensive analysis. 

Suggested Read: US Sanctions Russian Crypto Firm Over Ransomware Payments