[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4551 Referred in Senate (RFS)]
<DOC>
117th CONGRESS
2d Session
H. R. 4551
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
July 28, 2022
Received; read twice and referred to the Committee on Commerce,
Science, and Transportation
_______________________________________________________________________
AN ACT
To amend the U.S. SAFE WEB Act of 2006 to provide for reporting with
respect to cross-border complaints involving ransomware or other cyber-
related attacks, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Reporting Attacks from Nations
Selected for Oversight and Monitoring Web Attacks and Ransomware from
Enemies Act'' or the ``RANSOMWARE Act''.
SEC. 2. RANSOMWARE AND OTHER CYBER-RELATED ATTACKS.
Section 14 of the U.S. SAFE WEB Act of 2006 (Public Law 109-455;
120 Stat. 3382) is amended--
(1) in the matter preceding paragraph (1)--
(A) by striking ``Not later than 3 years after the
date of enactment of this Act,'' and inserting ``Not
later than 1 year after the date of enactment of the
Reporting Attacks from Nations Selected for Oversight
and Monitoring Web Attacks and Ransomware from Enemies
Act, and every 2 years thereafter,''; and
(B) by inserting ``, with respect to the 2-year
period preceding the date of the report (or, in the
case of the first report transmitted under this section
after the date of the enactment of the Reporting
Attacks from Nations Selected for Oversight and
Monitoring Web Attacks and Ransomware from Enemies Act,
the 1-year period preceding the date of the report)''
after ``include'';
(2) in paragraph (8), by striking ``; and'' and inserting a
semicolon;
(3) in paragraph (9), by striking the period at the end and
inserting ``; and''; and
(4) by adding at the end the following:
``(10) the number and details of cross-border complaints
received by the Commission that involve ransomware or other
cyber-related attacks--
``(A) that were committed by individuals located in
foreign countries or with ties to foreign countries;
and
``(B) that were committed by companies located in
foreign countries or with ties to foreign countries.''.
SEC. 3. REPORT ON RANSOMWARE AND OTHER CYBER-RELATED ATTACKS BY CERTAIN
FOREIGN INDIVIDUALS, COMPANIES, AND GOVERNMENTS.
(a) In General.--Not later than 1 year after the date of the
enactment of this Act, and every 2 years thereafter, the Federal Trade
Commission shall transmit to the Committee on Energy and Commerce of
the House of Representatives and the Committee on Commerce, Science,
and Transportation of the Senate a report describing its use of and
experience with the authority granted by the U.S. SAFE WEB Act of 2006
(Public Law 109-455) and the amendments made by such Act. The report
shall include the following:
(1) The number and details of cross-border complaints
received by the Commission (including which such complaints
were acted upon and which such complaints were not acted upon)
that relate to incidents that were committed by individuals,
companies, or governments described in subsection (b), broken
down by each type of individual, type of company, or government
described in a paragraph of such subsection.
(2) The number and details of cross-border complaints
received by the Commission (including which such complaints
were acted upon and which such complaints were not acted upon)
that involve ransomware or other cyber-related attacks that
were committed by individuals, companies, or governments
described in subsection (b), broken down by each type of
individual, type of company, or government described in a
paragraph of such subsection.
(3) A description of trends in the number of cross-border
complaints received by the Commission that relate to incidents
that were committed by individuals, companies, or governments
described in subsection (b), broken down by each type of
individual, type of company, or government described in a
paragraph of such subsection.
(4) Identification and details of foreign agencies
(including foreign law enforcement agencies (as defined in
section 4 of the Federal Trade Commission Act (15 U.S.C. 44)))
located in Russia, China, North Korea, or Iran with which the
Commission has cooperated and the results of such cooperation,
including any foreign agency enforcement action or lack
thereof.
(5) A description of Commission litigation, in relation to
cross-border complaints described in paragraphs (1) and (2),
brought in foreign courts and the results of such litigation.
(6) Any recommendations for legislation that may advance
the mission of the Commission in carrying out the U.S. SAFE WEB
Act of 2006 and the amendments made by such Act.
(7) Any recommendations for legislation that may advance
the security of the United States and United States companies
against ransomware and other cyber-related attacks.
(8) Any recommendations for United States citizens and
United States businesses to implement best practices on
mitigating ransomware and other cyber-related attacks.
(b) Individuals, Companies, and Governments Described.--The
individuals, companies, and governments described in this subsection
are the following:
(1) An individual located within Russia or with direct or
indirect ties to the Government of the Russian Federation.
(2) A company located within Russia or with direct or
indirect ties to the Government of the Russian Federation.
(3) The Government of the Russian Federation.
(4) An individual located within China or with direct or
indirect ties to the Government of the People's Republic of
China.
(5) A company located within China or with direct or
indirect ties to the Government of the People's Republic of
China.
(6) The Government of the People's Republic of China.
(7) An individual located within North Korea or with direct
or indirect ties to the Government of the Democratic People's
Republic of Korea.
(8) A company located within North Korea or with direct or
indirect ties to the Government of the Democratic People's
Republic of Korea.
(9) The Government of the Democratic People's Republic of
Korea.
(10) An individual located within Iran or with direct or
indirect ties to the Government of the Islamic Republic of
Iran.
(11) A company located within Iran or with direct or
indirect ties to the Government of the Islamic Republic of
Iran.
(12) The Government of the Islamic Republic of Iran.
Passed the House of Representatives July 27, 2022.
Attest:
CHERYL L. JOHNSON,
Clerk.