US lawmakers have not ruled out legislation that could ban private companies from making ransomware payments, Sen. Gary Peters of Michigan, chairman of the Senate Homeland Security Committee, has said.
“It’s a possibility that we ban [ransomware payments],” the Michigan Democrat said during a Washington Post Live event. “I’m not closing the door on that.” Peters pointed to a $100 million Cyber Response and Recovery Fund, included in the bipartisan infrastructure bill passed by the Senate over the summer, as a step toward reducing the number of companies who feel compelled to make ransomware payments.
“We have to right now be focused on working with companies to understand that there are alternatives to paying a ransom, particularly if they get assistance from the federal government and look at the federal government as a partner,” Peters said.
The FBI already recommends that companies not pay ransoms to criminals who hack their computer networks, but private entities are free to ignore this advice under current law.
The event comes amid news that the Russia-linked hackers behind the massive 2020 SolarWinds breach of hundreds of major corporations and U.S. government agencies have stepped up their efforts to compromise American institutions