Senators push bipartisan bill to sanction nations involved with ransomware attacks

Sens. Rubio and Feinstein push bill that would slap sanctions on any nation providing 'safe haven' to cybercriminals

Top senators on the Senate Intelligence Committee introduced bipartisan legislation Thursday that seeks to sanction any nation involved in ransomware attacks against the U.S.

The Sanction and Stop Ransomware Act, introduced by committee vice chair Marco Rubio, R-Fla., and Sen. Diane Feinstein, D-Calif., directs the Secretary of State in coordination with the Director of National Intelligence (DNI) to identify and impose penalties on states that sponsor ransomware assaults.

RUBIO'S CHILLING WARNING: CHINA HAS WEAPONIZED US ‘CORPORATE LUST FOR PROFITS'

The secretary and DNI would be responsible for determining if a ransomware attack was in any way state-supported, including by providing a "safe haven for individuals or groups."

The legislation would then require the U.S. president to slap sanctions on any country designated as a state supporter of ransomware – a policy that is consistent with sanctions levied against state-sponsored terrorism. 

Ticker Security Last Change Change %
FTNT FORTINET, INC. 299.49 -4.57 -1.50%
CRWD CROWDSTRIKE HOLDINGS, INC. 263.09 -1.65 -0.62%
MIME MIMECAST LTD 67.41 -2.05 -2.95%

"Cybercriminals don’t discriminate – they target small companies, large corporations, and government agencies using ransomware," Feinstein said in a statement. "Congress must do more to support all organizations and companies struggling to deal with these escalating attacks."

The legislation comes after months of increasing cyberattacks coming out of Russia and most recently China, following the attack on Microsoft's Exchange email servers last month.

JUSTICE DEPARTMENT TO ELEVATE RANSOMWARE ATTACKS TO BE ON PAR WITH TERRORISM

The Biden administration accused the Chinese government of having a hand in the breach. Secretary of State Antony Blinken said China’s Ministry of State Security "fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain."

In an attempt to preemptively counter future attacks, the bill calls for the creation of cybersecurity standards for critical infrastructure groups in both the private and public sectors. 

CLICK HERE TO GET THE FOX NEWS APP

The bill would require "federal agencies, government contractors, and critical infrastructure owners and operators" to report any attack within 24 hours to the Cybersecurity and Infrastructure Security Agency (CISA)  – which would be tasked with establishing a new ransomware reporting system.

"Ransomware attacks threaten the health and safety of countless Americans," Rubio said in a statement. "It is time for the United States to take strong, decisive action to protect American businesses, infrastructure, and government institutions."