New California Law: Deploy Ransomware, Face Four Years in Prison
The law went into effect on January 1, 2017.
A new state law went into effect in California on January 1, 2017 that provides a maximum penalty of four years in state prison for deploying ransomware, Ars Technica reports.
SB 1137 was signed by Governor Jerry Brown on September 27, 2016.
"This legislation provides prosecutors the clarity they need to charge and convict perpetrators of ransomware," California State Senator Bob Hertzberg said in a statement. "Unfortunately, we've seen a dramatic increase in the use of ransomware. This bill treats this crime, which is essentially an electronic stickup, with the seriousness it deserves."
According to the results of a recent IBM Security survey of 600 business leaders and more than 1,000 consumers, almost half of all business executives surveyed have experienced ransomware attacks in the workplace, and 70 percent said their company has paid to resolve the attack -- half have paid more than $10,000, and 20 percent have paid more than $40,000.
In comparison, more than 50 percent of consumers said they wouldn't pay a ransom to regain access to most personal data -- with some exceptions. Fifty-four percent of consumers said they would likely pay to get financial data back, and 55 percent of parents said they would be willing to pay to regain access to family photos.
"While consumers and businesses have different experiences with ransomware, cyber criminals have no boundaries when it comes to their targets," IBM Security executive security advisor Limor Kessem said in a statement.
"The digitization of memories, financial information and trade secrets require a renewed vigilance to protect it from extortion schemes like ransomware," Kessem added. "Cyber criminals are taking advantage of our reliance on devices and digital data creating pressure points that test our willingness to lose precious memories or financial security."
A separate Barkly survey of IT professionals at more than 100 organizations found that 71 percent of respondents that were targeted with ransomware attacks over the past year were infected.
Still, when asked what adjustments they were planning to make to better protect themselves in 2017, almost two thirds of respondents said no changes were planned.
When asked about their leading security concerns for 2017, ransomware was the top response at 35 percent, followed by users (30 percent) and phishing attacks (15 percent).
And a separate Cato Networks survey of 713 IT leaders worldwide found that more than 50 percent of IT professionals and 73 percent of CIOs said defending against emerging threats such as ransomware is their number one priority over the next 12 months.
A recent eSecurity Planet article offered advice on blocking ransomware attacks.
Photo courtesy of Shutterstock.