Lawmakers say US ransomware payments should be disclosed | National

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


WASHINGTON — More transparency is needed into what kind of cash payments are made after ransomware attacks, a top Democrat said, following a recent spate of cyberattacks aimed at U.S. companies.

Mark Warner, chairman of the Senate Intelligence Committee, spoke days after a top U.S. meat producer needed to shut down facilities that account for almost a quarter of American beef supplies after a cyber incident.

“Not only are the companies often not reporting that they are attacked, but they’re not reporting the ransomware payments,” Warner said on NBC’s “Meet the Press.”

It’s “worth having” a debate over whether to make paying ransoms illegal for U.S. companies, said Warner, who’s also co-chair and founder of the Senate Cybersecurity Caucus.

Energy Secretary Jennifer Granholm, on NBC’s “Meet the Press,” backed a possible ban on ransomware payments.

“We need to send this strong message that paying a ransomware only exacerbates and accelerates this problem. You are encouraging the bad actors when that happens,” she said.

The cyberattack on JBS USA followed the incident in May where Colonial Pipeline Co. was forced to shut the largest East Coast gasoline pipeline network for days after a cyberattack.

Both incidents have been tied to Russian-based hackers, and the issue will be on the agenda when President Joe Biden meets with Russian President Vladimir Putin on June 16.

Sen. Angus King of Maine, an independent who caucuses with Democrats and is also on the intelligence panel, said private companies should be subject to mandatory reporting of a breach but also receive liability protection, creating “an entirely new relationship between the federal government and private sector.”

“There has to be trust. And there has to be real-time” reporting, King said on CNN’s “State of the Union.” “I mean, the Colonial Pipeline, my understanding is, it wasn’t reported to the government for four or five days. I think they’d already paid the ransom.”

Commerce Secretary Gina Raimondo stopped short of proposing that the U.S. government require businesses to security their technology in specific ways.

Instead, the Biden…

Source…