Senators Target Ransomware by Targeting Countries That Allow It

WASHINGTON (Reuters) -
Sen. Marco Rubio, R-Fla. (Gabriella Demczuk/The New York Times via AP, Pool)

Two senior U.S. senators planned legislation on Thursday that would fight ransomware attacks on U.S. infrastructure by sanctioning countries that harbor cybercriminals, as well as by strengthening protections against attacks.

Senators Marco Rubio, the Republican vice chairman of the Senate Intelligence Committee, and Democrat Dianne Feinstein, a senior member of the intelligence and judiciary committees, planned to introduce the “Sanction and Stop Ransomware Act” on Thursday.

According to a copy of the bill seen by Reuters, it would require development of cybersecurity standards for critical infrastructure, tighten regulation of cryptocurrency – which is often demanded as ransom – and direct the State Department and intelligence community to designate as a “state sponsor of ransomware” any country deemed to provide support for ransomware demand schemes.

The threat of ransomware attacks against U.S. infrastructure came home to Americans on the East Coast when an attack against the Colonial Pipeline Co. in May led to widespread shortages at gas stations.

The Justice Department was later able to help the company recover some $2.3 million in cryptocurrency ransom it paid to hackers.

About $350 million in ransom was paid to cybercriminals in 2020, a more than 300% increase from the previous year, the department said.

President Joe Biden last month warned that if the United States ended up in a “real shooting war” with a major power it could be the result of a significant cyberattack on the United States, highlighting what Washington sees as a growing threat posed by hackers from Russia, China, Iran and North Korea.