2020 and 2021 were record years for ransomware payments at about $765 million. The take collected by ransomware operators is now down 40% to $457 million in 2022.
There are two pieces of legislation already in front of Congress that would set reporting requirements for ransomware payments, each proposing different time windows for different industries and company sizes. A third now seeks a 48-hour limit.
A new cyber incident reporting bill introduced to the Senate would, if passed, create new ransomware payment reporting requirements, including a strict 24-hour limit for any business with more than 50 employees.
The U.S. Treasury Department has handed down the first sanctions to a crypto exchange, hitting Russia-based SUEX.io for facilitating ransomware payments.
There has been considerable debate about banning ransomware payments as a means of curbing the explosive growth of the crime. The assistant director of the FBI's cyber division weighed in, suggesting that it would create a new avenue of extortion.
AXA France, the regional division of European insurance giant AXA Group and France's largest general insurer, has announced that it will no longer reimburse ransomware payments for customers within the country.
The US Treasury is now warning of potential sanctions violations if ransomware payments are made, citing the possibility of civil penalties even if the attacker’s identity is unknown.