Imagine walking into your office and booting up your computer to finish that important report you’ve been working on. Instead of seeing your usual desktop, however, you’re greeted with a message demanding ransom... or you’ll never see the contents of your computer again. This may sound like the plot of a John Grisham book, but it’s a real-life scenario increasingly playing out across the country and around the world. Even worse? This type of malware, dubbed “ransomware,” may be coming soon to a computer near you.
With millions of organizations at the mercy of this new breed of cybercrime, legislators in California are stepping up to take them on with a new ransomware bill known as Senate Bill 1137. Let’s take a closer look at the increasing prevalence of ransomware, along with how this latest legislation aims to take on the problem.
Senate Bill 1137 describes ransomware as “computer or data contaminant or lock placed in or introduced into a computer system, computer or data in a computer system, or computer that restricts access to the system, computer, or data in some way, and under circumstances in which the person responsible for the ransomware demands payment of money or other consideration to remove the contaminant, unlock the computer system or computer, or repair the injury done to the computer system, computer, or data by the contaminant or lock.”
Currently, ransomware comes in two forms: crypto and locker. The former encrypts victims’ data and files, while the latter effectively “locks” computers, preventing victims from accessing their hard drives and everything they contain. Both types require victims to fork over money in order to regain access to their information.
Still think ransomware can’t or won’t affect you and your organization? Think again. According to statistics shared by Norton by Symantec, 68,000 computers are infected with ransomware monthly (that’s 5,700 every day). Even worse? Once the ransom is paid, functionality is not usually restored, at which point removing the malware becomes the only solution.
And while installing security software, keeping your operating system and all software up to date, and having redundant communication tools in place can help prevent infections and protect your organization, the sad fact is that cybercriminals are nothing if not adaptable. As ransomware techniques become more sophisticated, they’re becoming even harder to outmaneuver. Not only that, but all types of organizations, from schools to the financial sector, are vulnerable.
California State Senator Bob Hertzberg proposed Senate Bill 1137 in response to a recent spate of ransomware incidents, including the high-profile case of California’s Hollywood Presbyterian Medical Center (HPMC), which was crippled by ransomware earlier this year and ultimately ended up paying out $17,000 in bitcoin to decrypt its files and halt panic among staff and administrators alike. The legislation calls for prison time and steep fines for anyone who “directly places or introduces the contaminant or lock, directs another to do so, or induces another person to do so, with the intent of demanding payment or other consideration to remove the contaminant.”
Why the push? Ransomware victims paid more than $209 million to cybercriminals in the first three months of 2016, according to FBI statistics shared by Hertzberg’s office. Co-sponsored by the Los Angeles County District Attorney’s Office, Senate Bill 1137 is deemed necessary by its advocates because current extortion laws do not sufficiently cover the prosecution of ransomware attacks.
While Hertzberg’s camp cites strong support and little opposition to date, the bill still has far to go: it ultimately requires approval by both houses of the California legislature as well as a signature by Governor Jerry Brown. Still, Senate Bill 1137 represents a significant step forward, both in taking down cybercriminals and in safeguarding the organizations in their crafty crosshairs.