Two senior U.S. senators introduced legislation in August 2021 that would fight ransomware attacks on U.S. infrastructure by strengthening protections against the attacks and by sanctioning countries that harbor cybercriminals.
Senators Marco Rubio, the Republican vice chairman of the Senate Intelligence Committee, and Democrat Dianne Feinstein, a senior member of the intelligence and judiciary committees, introduced the Sanction and Stop Ransomware Act.
The bill would require development of cybersecurity standards for critical infrastructure, tighten regulation of cryptocurrency, which is often demanded as ransom, and direct the U.S. State Department and intelligence community to designate as a “state sponsor of ransomware” any country deemed to provide support for ransomware demand schemes.
“Ransomware attacks threaten the health and safety of countless Americans,” Rubio said in a joint statement with Feinstein on his U.S. Senate website. “Our bipartisan bill provides the tools necessary to help safeguard critical infrastructure while discouraging and disrupting these criminal organizations, including the regimes who harbor them. It is time for the United States to take strong, decisive action to protect American businesses, infrastructure and government institutions.”
The threat of ransomware attacks against U.S. infrastructure was realized by U.S. residents on the East Coast when an attack against the Colonial Pipeline Co. in May 2021 led to widespread shortages at gas stations.
The Justice Department was later able to help the company recover about U.S. $2.3 million in cryptocurrency ransom it paid to hackers. About U.S. $350 million in ransom was paid to cybercriminals in 2020, a more than 300% increase from the previous year, the department said.
U.S. President Joe Biden in July 2021 warned that if the United States ended up in a “real shooting war” with a major power, it could be the result of a significant cyberattack on the United States, highlighting what Washington sees as a growing threat posed by hackers from China, Iran, North Korea and Russia.
“Cybercriminals don’t discriminate — they target small companies, large corporations and government agencies using ransomware,” Feinstein said in the joint statement. “Congress must do more to support all organizations and companies struggling to deal with these escalating attacks. Our bill will help the private and public sectors avoid ransomware attacks, reduce incentives to pay ransoms and hold foreign governments accountable if they provide a safe haven for ransomware perpetrators.”
ILLUSTRATION CREDIT: ISTOCK