Different Reactions From the Cybersecurity Community Regarding the Ransomware Bill

Insights into the proposed bill on ransomware attacks and the possible effect.


A bill has been proposed requiring victims to disclose information about ransomware attacks to the authorities to help them combat and manage the attacks.

This information would help the DHS provide security steps and guidelines to the public to prevent more organizations from falling victim.
This information would help the DHS provide security steps and guidelines to the public to prevent more organizations from falling victim.
Key Facts
  1. 1

    A law regarding the information surrounding ransomware payment is being proposed.

  2. 2

    A 48hr timeframe would be given to victims of ransomware payment to disclose the information to the DHS (United States Department of Homeland Security).

  3. 3

    The community of cybersecurity members is expressing a range of mixed reactions to the bill.

  4. 4

    Members of the cybersecurity community opposing the bill note that the victims might further be affected if the information is disclosed.

  5. 5

    Supporters of the bill note that the information would help to bring the ransomware attacks under control.


In the wake of the recent surge in ransomware attacks, the U.S government has proposed a law that makes it compulsory for organizations that fall victim to ransomware attacks to disclose all information regarding payments to the authorities.

The law was introduced by Senator Elizabeth Warren and supported by Representative Deborah Ross and is directed at providing all necessary information that would help track and monitor the attackers' activities to the Department of Homeland Security, DHS. This information would help the DHS provide security steps and guidelines to the public to prevent more organizations from falling victim.

Ransomware victims would be compelled by the law to provide all information, including but not limited to the cryptocurrency used in making the ransom payment. The amount paid and all other information about the attackers should be disclosed within 48hours of payment.

Yearly, the DHS would, in turn, publish all information that it had been provided within the previous year on a website designed for reporting these attacks. However, the information from the DHS would not contain information about the victims but would link to necessary steps to take to prevent these attacks.

The proposed bill is receiving criticism as well as support from the cybersecurity community. From the people concerned about the news, the technical director of a CTO team at VetraAI Inc, Tim Wade, noted that the disclosure might not be in the best interest of the victims and their shareholders. He also noted that the law would invade the privacy and liberty of the affected individuals.

The founder of ImmuniWeb SA, Ilia Kolkchenko, also one of the persons opposing the bill, expressed the possibility of the DHS being overwhelmed by the number of reports it would receive and that the budget would not be increased to accommodate this. He suggested that the DHS join with the other law enforcement agencies to manage the attackers. The provided information should not be made public, as this would further put the victims at a disadvantage.

While the major point being made by the members of the community supporting the bill is that it would help curtail the attacks. The Vice President of the public sector at Thycotic Centrify pointed out that it would help the victims realize how common the attacks are and reduce the associated stigma. Kevin Dunne of Pathlock Inc noted that only complete information could help the government make progress.

Get similar news in your inbox weekly, for free

Share this news:

Latest stories

How ManageEngine Applications Manager Can Help Overcome Challenges In Kubernetes Monitoring

We tested ManageEngine Applications Manager to monitor different Kubernetes clusters. This post shares our review …

AIOps with Site24x7: Maximizing Efficiency at an Affordable Cost

In this post we'll dive deep into integrating AIOps in your business suing Site24x7 to …

A Review of Zoho ManageEngine

Zoho Corp., formerly known as AdventNet Inc., has established itself as a major player in …

Should I learn Java in 2023? A Practical Guide

Java is one of the most widely used programming languages in the world. It has …

The fastest way to ramp up on DevOps

You probably have been thinking of moving to DevOps or learning DevOps as a beginner. …

Why You Need a Blockchain Node Provider

In this article, we briefly cover the concept of blockchain nodes provider and explain why …

Top 5 Virtual desktop Provides in 2022

Here are the top 5 virtual desktop providers who offer a range of benefits such …

Why Your Business Should Connect Directly To Your Cloud

Today, companies make the most use of cloud technology regardless of their size and sector. …

7 Must-Watch DevSecOps Videos

Security is a crucial part of application development and DevSecOps makes it easy and continuous.The …