109 HR 4551 IH: Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act
U.S. House of Representatives
2021-07-20
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.
1.This Act may be cited as the Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act
or the RANSOMWARE Act
. 2.Ransomware and other cyber-related attacksSection 14 of the U.S. SAFE WEB Act of 2006 (Public Law 109–455; 120 Stat. 3382) is amended—(1)in the matter preceding paragraph (1)—(A)by striking Not later than 3 years after the date of enactment of this Act,
and inserting Not later than 1 year after the date of enactment of the Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act, and every 2 years thereafter,
; and(B)by inserting , with respect to the 2-year period preceding the date of the report (or, in the case of the first report transmitted under this section after the date of the enactment of the Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act, the 1-year period preceding the date of the report)
after include
;(2)in paragraph (8), by striking ; and
and inserting a semicolon;(3)in paragraph (9), by striking the period at the end and inserting ; and
; and(4)by adding at the end the following:(10)the number and details of cross-border complaints received by the Commission that involve ransomware or other cyber-related attacks—(A)that were committed by individuals located in foreign countries or with ties to foreign countries; and(B)that were committed by companies located in foreign countries or with ties to foreign countries..3.Report on ransomware and other cyber-related attacks by certain foreign individuals, companies, and governments(a)Not later than 1 year after the date of the enactment of this Act, and every 2 years thereafter, the Federal Trade Commission shall transmit to the Committee on Energy and Commerce of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate a report describing its use of and experience with the authority granted by the U.S. SAFE WEB Act of 2006 (Public Law 109–455) and the amendments made by such Act. The report shall include the following:(1)The number and details of cross-border complaints received by the Commission (including which such complaints were acted upon and which such complaints were not acted upon) that relate to incidents that were committed by individuals, companies, or governments described in subsection (b), broken down by each type of individual, type of company, or government described in a paragraph of such subsection.(2)The number and details of cross-border complaints received by the Commission (including which such complaints were acted upon and which such complaints were not acted upon) that involve ransomware or other cyber-related attacks that were committed by individuals, companies, or governments described in subsection (b), broken down by each type of individual, type of company, or government described in a paragraph of such subsection.(3)A description of trends in the number of cross-border complaints received by the Commission that relate to incidents that were committed by individuals, companies, or governments described in subsection (b), broken down by each type of individual, type of company, or government described in a paragraph of such subsection.(4)Identification and details of foreign agencies (including foreign law enforcement agencies (as defined in section 4 of the Federal Trade Commission Act (15 U.S.C. 44))) located in Russia, China, North Korea, or Iran with which the Commission has cooperated and the results of such cooperation, including any foreign agency enforcement action or lack thereof.(5)A description of Commission litigation, in relation to cross-border complaints described in paragraphs (1) and (2), brought in foreign courts and the results of such litigation.(6)Any recommendations for legislation that may advance the mission of the Commission in carrying out the U.S. SAFE WEB Act of 2006 and the amendments made by such Act.(7)Any recommendations for legislation that may advance the security of the United States and United States companies against ransomware and other cyber-related attacks.(8)Any recommendations for United States citizens and United States businesses to implement best practices on mitigating ransomware and other cyber-related attacks.(b)Individuals, companies, and governments describedThe individuals, companies, and governments described in this subsection are the following:(1)An individual located within Russia or with direct or indirect ties to the Government of the Russian Federation.(2)A company located within Russia or with direct or indirect ties to the Government of the Russian Federation.(3)The Government of the Russian Federation.(4)An individual located within China or with direct or indirect ties to the Government of the People’s Republic of China.(5)A company located within China or with direct or indirect ties to the Government of the People’s Republic of China.(6)The Government of the People’s Republic of China.(7)An individual located within North Korea or with direct or indirect ties to the Government of the Democratic People’s Republic of Korea.(8)A company located within North Korea or with direct or indirect ties to the Government of the Democratic People’s Republic of Korea.(9)The Government of the Democratic People’s Republic of Korea.(10)An individual located within Iran or with direct or indirect ties to the Government of the Islamic Republic of Iran.(11)A company located within Iran or with direct or indirect ties to the Government of the Islamic Republic of Iran.(12)The Government of the Islamic Republic of Iran.