Other organisations such as state and local governments and businesses with more than 50 employees would also be required to report any ransoms paid following an attack to the federal government within 24 hours of payment.
Top security officials CISA Director Jen Easterly and National Cyber Director Chris Inglis attended a committee hearing last week to support a draft version of the measure.
The Senate bill comes after the House of Representatives passed a similar measure in fiscal 2022 National Defense Authorisation Act (H.R. 4350) on September 23. The House bill, however, does not require ransomware payments to be reported.