Cyber Attack Victims Won't Be Allowed to Pay More Than $100K in Ransom Under New Bill


By Natalie Colarossi, Newsweek 



In an effort to combat the rising threat of costly ransomware attacks, a new bill has been introduced in Congress to bar certain entities affected by cyberattacks from issuing ransom payments of more than $100,000.


North Carolina Representative Patrick McHenry, the senior Republican on the House Financial Services Committee, introduced the Ransomware and Financial Stability Act last week to curb ransomware attacks and implement new guidelines for those affected by the breaches.


The bill seeks to protect critical infrastructure in the U.S. and will focus on financial market utilities, large securities exchanges, and technology service providers that are considered essential for banks' core processing services.


McHenry said in a statement that ransomware payments in the U.S. have totaled more than $1 billion over the past year, prompting the need to implement "commonsense guardrails for financial institutions to respond to ransomware attacks."


"Most notably, this past May, a Russian ransomware attack forced Colonial Pipeline to shut down oil supplies to the eastern United States before the company paid hackers. As disruptive as this hack was, it pales in comparison to what would happen if America's critical financial infrastructure were to be taken offline."


"This bill will help deter, deny, and track down hackers who threaten the financial institutions that make day-to-day economic activity possible. The legislation will also provide long-overdue clarity for financial institutions that look to Congress for rules of the road as ransomware hacks intensify," he added...