Ransomware attacks on financial sector targeted in House bill

The bipartisan proposal would require the Treasury secretary to detail public-private efforts to prevent and combat such incidents in a report to Congress.
The U.S. Treasury Department building is seen in Washington, D.C., on Jan. 19, 2023. (Photo by SAUL LOEB/AFP via Getty Images)

A bipartisan pair of lawmakers on the House Financial Services Committee are sounding the alarm about ransomware attacks on financial institutions, pushing in new legislation for more coordination between the public and private sectors on prevention and response measures.

The Public and Private Sector Ransomware Response Coordination Act from Reps. Zach Nunn, R-Iowa, and Josh Gottheimer, D-N.J., calls on the Treasury Department to submit a report to the top House and Senate intelligence and financial services/banking committees. That report would detail public-private efforts to combat ransomware and how government agencies are working to prevent such attacks.

“Ransomware attacks are incredibly costly — and increasingly common,” Gottheimer said in a statement. “As a member of both the House Permanent Select Committee on Intelligence and the Financial Services Committee, I understand the dual security-economic risk that these attacks pose. We must develop a coordinated approach to prevent ransomware attacks and respond when they happen.”

Gottheimer emphasized the need for Treasury and private-sector partners to “develop a game plan” to reduce ransomware attacks. The bill mandates that the report to Congress include analyses of financial institutions’ reporting requirements, the adequacy of federal agencies’ access to information after attacks, recommendations to enhance public-private partnerships and information sharing, and suggestions for additional legislation.

The legislation also aims to get to the bottom of why financial institutions may delay or withhold reporting ransomware attacks to federal agencies, a provision that comes at a time when support is growing among cybersecurity experts for a ban on ransomware payments.

“Our country is in a better position when all companies stand firm against ransomware hostage-taking,” Nunn said in a statement. “We can strengthen our position by deterring these attacks, which have cost American businesses more than $1 billion in bounties over the last year.”

Nunn, who previously served as director of cybersecurity on the National Security Council, added that his time in the White House showed him “firsthand” the importance of prioritizing cybersecurity and leaning on public-private partnerships.

The financial services industry has been an increasingly prime target for threat actors in recent years. A June report from the cybersecurity firm Sophos found that 65% of financial services organizations have been hit with ransomware attacks this year, up 1 percentage point from 2023 and a 10-point jump from 2022. 

Written by Matt Bracken

Matt Bracken is the managing editor of FedScoop and CyberScoop, overseeing coverage of federal government technology policy and cybersecurity. Before joining Scoop News Group in 2023, Matt was a senior editor at Morning Consult, leading data-driven coverage of tech, finance, health and energy. He previously worked in various editorial roles at The Baltimore Sun and the Arizona Daily Star. You can reach him at matt.bracken@scoopnewsgroup.com.
