Ransomware May Be Illegal in California, But Prosecuting Offenders Still Tough

The Senate Bill 1137 came into effect in the New Year and meant that people who put illegal software on a computer system could face prosecution.

​Previously State prosecutors had brought cases of ransomware under the existing extortion laws. The new law was signed in September 2016, but did not come into effect until the New Year. 

The maximum penalty fis four years in prison, but we ask, how enforceable is this law?

John Merritt from UK cybersecurity firm Qatalyst Global, said that the new law in California is a significant one and very symbolic, however it will be difficult to prosecute people.

"The FBI has made no arrests in connection with ransomware cases, despite their own figures revealing almost a 1,000% increase in recorded incidents. That said, ransomware attacks will only rise and rise as the software required becomes easier to find and use," John Merritt told Sputnik.

​​"The Senate bill could therefore be seen as future-proofing the Statute book in that way. Ransomware crimes are incredibly difficult to prosecute, not least because the vast majority go unreported — institutions don't want their security vulnerabilities becoming public knowledge," Mr. Merritt said.

Now that California has established ransomware as illegal, the hope is that a similar process can be put in place for European countries, but is this a realistic prospect? John Merritt believes that the UK may face similar issues to the US, however they may see more people prosecuted and a greater success rate.

​"Were a similar law to be enacted here then law enforcers would run up against the same restrictions as they currently do in the US, although the chain of command in Europe tends to be shorter than in the US, so there is some scope for greater success in prosecution," Mr. Merritt added.

​The problem of ransomware is not new; there have been several high profile ransomware attacks. In November 2015, an MP in the UK was hit by a ransomware attack as a result the hackers demanded money from them. Another high profile attack came when the Chinese government inadvertently hosted a website that infected people's PCs with ransomware software.

"Ransomware is a huge area and depending on the victim, can be incredibly disruptive. American hospitals are increasingly targeted by cybercriminals and medical staffs are left unable to access critical patient records, even as basic as which drugs a patient has been taking or might be allergic to," Mr. Merritt told Sputnik.  

So what can people do to avoid being attacked with ransomware software, especially if ransomware hackers may not even be prosecuted?

John Merritt said that the basic principles of IT security are your best friend. Don't click on attachments from unknown senders, stay vigilant and beware any email that asks you to confirm or change your password.

​With ransomware becoming a serious problem, the fact it is now illegal in certain states in the US is a progressive step in the right direction. However, if criminals are to be sent to prison for committing this crime, it appears that it must become a law which is more enforceable then it currently stands.