House Bill 4551
117th Congress(2021-2022)
RANSOMWARE Act
Active
Active
Passed House on Jul 27, 2022
Overview
Text
H. R. 4551 (Reported-in-House)

Union Calendar No. 343

117th CONGRESS
2d Session
H. R. 4551

[Report No. 117–439]


To amend the U.S. SAFE WEB Act of 2006 to provide for reporting with respect to cross-border complaints involving ransomware or other cyber-related attacks, and for other purposes.


IN THE HOUSE OF REPRESENTATIVES

July 20, 2021

Mr. Bilirakis introduced the following bill; which was referred to the Committee on Energy and Commerce

July 26, 2022

Additional sponsor: Ms. Schakowsky

July 26, 2022

Reported from the Committee on Energy and Commerce; committed to the Committee of the Whole House on the State of the Union and ordered to be printed


A BILL

To amend the U.S. SAFE WEB Act of 2006 to provide for reporting with respect to cross-border complaints involving ransomware or other cyber-related attacks, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act” or the “RANSOMWARE Act”.

SEC. 2. Ransomware and other cyber-related attacks.

Section 14 of the U.S. SAFE WEB Act of 2006 (Public Law 109–455; 120 Stat. 3382) is amended—

(1) in the matter preceding paragraph (1)—

(A) by striking “Not later than 3 years after the date of enactment of this Act,” and inserting “Not later than 1 year after the date of enactment of the Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act, and every 2 years thereafter,”; and

(B) by inserting “, with respect to the 2-year period preceding the date of the report (or, in the case of the first report transmitted under this section after the date of the enactment of the Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act, the 1-year period preceding the date of the report)” after “include”;

(2) in paragraph (8), by striking “; and” and inserting a semicolon;

(3) in paragraph (9), by striking the period at the end and inserting “; and”; and

(4) by adding at the end the following:

“(10) the number and details of cross-border complaints received by the Commission that involve ransomware or other cyber-related attacks—

“(A) that were committed by individuals located in foreign countries or with ties to foreign countries; and

“(B) that were committed by companies located in foreign countries or with ties to foreign countries.”.

SEC. 3. Report on ransomware and other cyber-related attacks by certain foreign individuals, companies, and governments.

(a) In general.—Not later than 1 year after the date of the enactment of this Act, and every 2 years thereafter, the Federal Trade Commission shall transmit to the Committee on Energy and Commerce of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate a report describing its use of and experience with the authority granted by the U.S. SAFE WEB Act of 2006 (Public Law 109–455) and the amendments made by such Act. The report shall include the following:

(1) The number and details of cross-border complaints received by the Commission (including which such complaints were acted upon and which such complaints were not acted upon) that relate to incidents that were committed by individuals, companies, or governments described in subsection (b), broken down by each type of individual, type of company, or government described in a paragraph of such subsection.

(2) The number and details of cross-border complaints received by the Commission (including which such complaints were acted upon and which such complaints were not acted upon) that involve ransomware or other cyber-related attacks that were committed by individuals, companies, or governments described in subsection (b), broken down by each type of individual, type of company, or government described in a paragraph of such subsection.

(3) A description of trends in the number of cross-border complaints received by the Commission that relate to incidents that were committed by individuals, companies, or governments described in subsection (b), broken down by each type of individual, type of company, or government described in a paragraph of such subsection.

(4) Identification and details of foreign agencies (including foreign law enforcement agencies (as defined in section 4 of the Federal Trade Commission Act (15 U.S.C. 44))) located in Russia, China, North Korea, or Iran with which the Commission has cooperated and the results of such cooperation, including any foreign agency enforcement action or lack thereof.

(5) A description of Commission litigation, in relation to cross-border complaints described in paragraphs (1) and (2), brought in foreign courts and the results of such litigation.

(6) Any recommendations for legislation that may advance the mission of the Commission in carrying out the U.S. SAFE WEB Act of 2006 and the amendments made by such Act.

(7) Any recommendations for legislation that may advance the security of the United States and United States companies against ransomware and other cyber-related attacks.

(8) Any recommendations for United States citizens and United States businesses to implement best practices on mitigating ransomware and other cyber-related attacks.

(b) Individuals, companies, and governments described.—The individuals, companies, and governments described in this subsection are the following:

(1) An individual located within Russia or with direct or indirect ties to the Government of the Russian Federation.

(2) A company located within Russia or with direct or indirect ties to the Government of the Russian Federation.

(3) The Government of the Russian Federation.

(4) An individual located within China or with direct or indirect ties to the Government of the People’s Republic of China.

(5) A company located within China or with direct or indirect ties to the Government of the People’s Republic of China.

(6) The Government of the People’s Republic of China.

(7) An individual located within North Korea or with direct or indirect ties to the Government of the Democratic People’s Republic of Korea.

(8) A company located within North Korea or with direct or indirect ties to the Government of the Democratic People’s Republic of Korea.

(9) The Government of the Democratic People’s Republic of Korea.

(10) An individual located within Iran or with direct or indirect ties to the Government of the Islamic Republic of Iran.

(11) A company located within Iran or with direct or indirect ties to the Government of the Islamic Republic of Iran.

(12) The Government of the Islamic Republic of Iran.


Union Calendar No. 343

117th CONGRESS
     2d Session
H. R. 4551
[Report No. 117–439]

A BILL
To amend the U.S. SAFE WEB Act of 2006 to provide for reporting with respect to cross-border complaints involving ransomware or other cyber-related attacks, and for other purposes.

July 26, 2022
Committed to the Committee of the Whole House on the State of the Union and ordered to be printed