U.S. lawmakers are considering a proposal to designate countries that harbor or support ransomware gangs as state sponsors of terrorism. This initiative is part of the Intelligence Authorization Act for the 2025 fiscal year, spearheaded by Senator Mark Warner.
The proposal aims to categorize countries like Russia, accused of providing safe havens for cybercriminals involved in ransomware attacks, alongside nations such as Cuba, Iran, North Korea, and Syria, subjecting them to similar penalties and sanctions.
The proposed legislation specifically identifies notorious ransomware groups with links to Russia, including Black Basta, BlackCat, Cl0p, Conti, DarkSide, LockBit, and REvil. The bill suggests that these ransomware gangs not only engage in criminal activities but also contribute to the geopolitical agendas of their host countries.
By designating these countries as state sponsors of terrorism, the U.S. could impose stringent sanctions, including bans on foreign assistance, defense exports, and restrictions on dual-use items.
Additionally, the bill proposes that ransomware attacks on critical national infrastructure (CNI) should be prioritized as an intelligence concern under the U.S. National Intelligence Priorities Framework.
Jon Miller, CEO of Halcyon Security, supports the reclassification of ransomware attacks as acts of terrorism, particularly when they target essential services like healthcare, utilities, or communications. He argues that these attacks, though often disguised as mere criminal activity, serve the broader geopolitical interests of adversarial governments.
Miller highlights the dual nature of ransomware operations, where financial gain and disruption are both key objectives. He underscores the importance of recognizing these attacks as terrorism, given their potential to endanger lives and national security. He emphasizes that if a physical attack on critical infrastructure would be labeled as terrorism, then similar cyberattacks should receive the same classification.
The potential implications of this U.S. bill extend beyond American borders, particularly affecting UK organizations with business ties to both Russia and the U.S. While the UK is also moving towards stronger cybersecurity laws, including better reporting of ransomware incidents, it has not yet reached the stage of implementing measures like those proposed in the U.S.
There is ongoing debate in both countries about banning ransomware payments, and the UK may eventually follow the U.S. lead if Warner’s proposals are enacted.