arrow_back Back to App

Mandatory Ransom Payment Disclosure for Cyberattacks

New rules require companies and public entities to report any ransom payments made after cyberattacks to the U.S. Department of Homeland Security. This aims to better understand and combat cybercrime, and protect information systems, indirectly impacting citizens' data security.
Key points
Companies and public entities that pay a ransom after a cyberattack must report it within 7 days.
The disclosure must include payment details like amount, currency (including cryptocurrency), and known information about the attackers.
The Department of Homeland Security will publish aggregated data on ransoms, without revealing the identity of individual entities.
Penalties are foreseen for failure to disclose ransom payments.
Individuals can voluntarily report ransom payments, which will aid in threat analysis.
article Official text account_balance Process page
Expired
Citizen Poll
No votes cast
Additional Information
Print number: 117_S_2926
Sponsor: Sen. Warren, Elizabeth [D-MA]
Process start date: 2021-10-04
Lustra uses Artificial Intelligence. Verify details in source documents.
Summarized by: gemini-2.5-flash-preview-05-20
Source data: api.congress.gov
AI work logs for this document launch

OFFICIAL LEGAL TITLE

A bill to require certain entities to disclose to the Secretary of Homeland Security ransom payments, and for other purposes.

FREQUENTLY ASKED QUESTIONS

What is the official ID of this bill?

The official print number for this legislation is 117_S_2926.

Which chamber initiated this legislation?

This legislation was initiated in the Senate.

When did the legislative process begin?

The process officially started on 2021-10-04.

What are the main provisions?

Key points include:

  • Companies and public entities that pay a ransom after a cyberattack must report it within 7 days.
  • The disclosure must include payment details like amount, currency (including cryptocurrency), and known information about the attackers.
  • The Department of Homeland Security will publish aggregated data on ransoms, without revealing the identity of individual entities.
  • Penalties are foreseen for failure to disclose ransom payments.
  • Individuals can voluntarily report ransom payments, which will aid in threat analysis.
What is the specific legal status?

The current status is Expired.

Where can I read the full text of this legislation?

The full official text is available at: View full text

Who is the primary sponsor?

The primary sponsor is Sen. Warren, Elizabeth [D-MA].

What is the latest detailed status?

The latest detailed status is: Introduced in Senate

Is this summary verified?

Yes. This content was analyzed by AI and verified by the Lustra Judge System on 2025-12-29.

CATEGORIES

Security Informatization