Senate Passes Ransomware Law
A new law has passed the US senate which will demand the federal government ramp up its support for organizations hit by ransomware.
The DHS Cyber Hunt and Incident Response Teams Act would require the Department of Homeland Security (DHS) to build dedicated teams tasked with providing advice to organizations on how best to protect their systems from attack, as well as other technical support, including incident response assistance.
Although the new capabilities would be available to all public and private organizations on request — including businesses, police departments, hospitals, and banks — senate minority leader Chuck Schumer focused on protection for New York state schools in his comments on the legislation.
“The Senate passing the DHS Cyber Hunt and Incident Response Teams Act is an important step in protecting upstate New York school districts from the swaths of ransomware attacks that take hostage the personal information and vital data of our students, school employees and local governments,” he said in a statement.
“It’s critical that we use all available resources to protect New York students from cyber crooks, and enhance and increase our resiliency to these attacks. I’m proud of the role I played in pushing this sorely-needed legislation through the senate and won’t stop working until it’s signed into law.”
One security vendor calculated last week that ransomware attacks have disrupted operations at 49 US school districts and educational institutions in the first nine months of the year, compromising potentially 500 K-12 schools versus just 11 last year.
This makes the sector the second most popular for ransomware attackers after local municipalities.
These have been battered by attacks over the past few months, with one campaign in Texas hitting 23 local government entities simultaneously.
A similar piece of legislation to the DHS Cyber Hunt and Incident Response Teams Act has already passed in the House of Representatives, so the two will now begin the reconciliation process.
Source: Information Security Magazine