FBI Says It Needs Americans’ Help, Asks Congress to Make Ransomware Reporting Mandatory

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

FBI Ransomware Overview:

• Who: The FBI and Department of Justice are asking Congress to pass a bill that would force companies and average citizens to report ransomware attacks when they happen.
• Why: A requirement to report ransomware attacks would make it much easier to investigate such attacks, law enforcement officials argue.
• Where: The United States.

The FBI and Department of Justice need Americans’ to help more in preventing cyberattacks, saying businesses might be holding back information due to fear of being sued.

In a congressional hearing Tuesday, top federal cybersecurity officials asked lawmakers to pass a bill that would force U.S. citizens and companies to report ransomware attacks when they happen, Law360 reports.

“Without prompt reporting, investigative opportunities are lost, our ability to assist other victims facing the same attacks is degraded, and the government and Congress does not have a full picture of the threat facing American companies,” Deputy Assistant Attorney General Richard Downing told a U.S. Senate Judiciary Committee hearing.

The appeal comes after a number of high profile cyberattacks on United States properties and public assets, including hospitals, schools and a fuel pipeline. 

The ransomware attack on Colonial Pipeline Co., which transports nearly half of the East Coast’s supply of diesel, gasoline and jet fuel, led to a temporary shutdown of the pipeline, causing major ripple effects that are still being investigated.

According to the testimonies on Tuesday, nearly three-in-four cyberattacks  in the country are never reported, making it harder for authorities to prevent.

“Without this visibility, we are unable to effectively share information, develop timely alerts, help victims and understand impacts of these intrusions to the national critical functions upon which we all depend,” the Cybersecurity and Infrastructure Security Agency Executive Assistant Director Eric Goldstein reportedly said. 

In May, after some high-profile attacks on national utilities and services, President Joe Biden issued an executive order ordering IT sector government contractors to report cyberattacks. 

On Tuesday, FBI’s Cyber Division Assistant Director Bryan Vorndran said cybercrime victims should be forced to let authorities know about cybercriminals’ ransom demands, and whether they paid the ransom.

The idea of giving companies liability protection if they do alert law enforcement to the attacks was also proposed. Some companies may be fearful of making their cyberattacks public due to the risk of litigation, including class action lawsuits.

“Victims should not be worse off for helping the government,” Downing said. “They should maintain whatever legal privilege they had on that information prior to sharing the information.”

There are a number of companies currently facing class action lawsuits due to their lack of protections from ransomware. 

Blackbaud, Inc is currently facing claims it failed to adequately prepare for and deal with a data breach and ransomware attack that exposed the personal and health information of millions across the globe. 

Simultaneously, tech company Elekta, Inc has been hit with a class action lawsuit alleging that the suspension of its cloud data storage system in the face of an April ransomware attack delayed cancer treatments for patients.  

What do you think of this proposed bill? Let us know in the comments.

Read About More Class Action Lawsuits & Class Action Settlements:

• Elekta Ransomware Attack Delayed Cancer Treatments, Claims Class Action Lawsuit
• Maximus Inc Data Breach Exposed 330K Medicaid Providers’ Info, Says Class Action Lawsuit
• Hospital Where Mother Died of COVID-19 Allowed Her Data to Be Hacked, Alleges Class Action
• Blackbaud To Face Data Breach Class Action Lawsuit, Judge Rules