Indeed, the act seeks to prevent any and all types of cybersecurity incidents, including but not limited to ransomware. The legislation as written would already capture ransomware incidents, because ransomware is simply a form of malicious code that is used for a particular purpose. Often, it's extortion.
The act already gives the government the ability to collect technical information to prevent, respond to and recover from ransomware incidents. If we stop the malicious code from getting into our systems in the first place, then malicious actors won't have the opportunity to hold us to ransom.