The US Senate Judiciary Committee convened a hearing to discuss the growing threat of ransomware. US Justice department officials strongly supported legislation requiring companies to report ransomware attacks and data breaches. Richard Downing, Deputy Assistant Attorney General for the Criminal Division of the US Department of Justice, stated that investigative opportunities are lost without immediate reporting. Lawmakers from both parties agreed that breach notification laws are necessary given the current frequency of ransomware attacks. Although many officials expressed a need for new legislation, they all agreed a full-out ban on ransomware payments was not necessary. FBI officials feared it would create another level of extortion by being blackmailed for paying a ransom and not sharing it with authorities.
Analyst Notes
New legislation on ransomware has been discussed at length by government officials and law enforcement and the two groups now seem to be aligned in their strategy to take on ransomware. Binary Defense analysts will continue to monitor any new legislation that is passed regarding ransomware. For organizations to stay informed, Binary Defense recommends organizations utilize the US DHS website, stopransomware.gov, which has links to resources that help organizations protect their systems from intrusions that lead to ransomware.
Justice Department officials urge Congress to pass ransomware notification law
