24, 48 or 72 Hours? New Bill Complicates Regulation of Ransomware Payments, Introduces Terms That Conflict With Existing Legislation Under Consideration
Tuesday, October 12, 2021
There are two pieces of legislation already in front of Congress that would set reporting requirements for ransomware payments, each proposing different time windows for different industries and company sizes. One would subject many companies to a 24-hour reporting requirement, another would set the window at 72 hours.
Ilia Kolochenko, Founder/CEO and Chief Architect of ImmuniWeb, also points out that more information gathering has not always proved to be helpful when conducted in this particular way: “Mere information gathering about ransom payments will unlikely bring the desired results, as transactions on cryptocurrencies are oftentimes untraceable and non investigable. Thus, it would also be worthwhile to consider expanding the law to provide additional authority to existing law enforcement agencies, increase their cybersecurity budgets, provide free training and 24/7 support to the victims, and expand international cooperation in the investigation and prosecution of cybercrime. Countless cybercrime cases are never cleared because of slow or otherwise ineffective collaboration across different countries.” Read Full Article
The Daily Swig: Google distributing 10,000 security keys to journalists, elected officials, human rights activists
eSecurityPlanet: Google Sending Security Keys to 10,000 Users at High Risk of Attack