The Senate Bill 1137 came into effect in the New Year and meant that people who put illegal software on a computer system could face prosecution.
#Ransomware crime bill goes into effect in California
— Cyberops (@cyberops_in) January 5, 2017
— >verify your attachments
— >Do not click on #unknown web links
Previously State prosecutors had brought cases of ransomware under the existing extortion laws. The new law was signed in September 2016, but did not come into effect until the New Year.
The maximum penalty fis four years in prison, but we ask, how enforceable is this law?
John Merritt from UK cybersecurity firm Qatalyst Global, said that the new law in California is a significant one and very symbolic, however it will be difficult to prosecute people.
"The FBI has made no arrests in connection with ransomware cases, despite their own figures revealing almost a 1,000% increase in recorded incidents. That said, ransomware attacks will only rise and rise as the software required becomes easier to find and use," John Merritt told Sputnik.
If your business got hit by #ransomware, read this. The FBI wants you to report ransomware incidents https://t.co/OHCzOEU1x6 (PSA) pic.twitter.com/spDVEDDaP8
— Authentic8 (@Authentic8) December 24, 2016
"The Senate bill could therefore be seen as future-proofing the Statute book in that way. Ransomware crimes are incredibly difficult to prosecute, not least because the vast majority go unreported — institutions don't want their security vulnerabilities becoming public knowledge," Mr. Merritt said.
Now that California has established ransomware as illegal, the hope is that a similar process can be put in place for European countries, but is this a realistic prospect? John Merritt believes that the UK may face similar issues to the US, however they may see more people prosecuted and a greater success rate.
Fortinet: Ransomware costs to top $1 billion in 2016. Don't expect it to slow in 2017. https://t.co/eLQO4ptzgA pic.twitter.com/AJtvCdmJp2 #c…
— Jason (@UK_ITSecurity) December 28, 2016
"Were a similar law to be enacted here then law enforcers would run up against the same restrictions as they currently do in the US, although the chain of command in Europe tends to be shorter than in the US, so there is some scope for greater success in prosecution," Mr. Merritt added.
Using ransomware in California is now illegal… but this legislation is largely useless to the Californians. https://t.co/IB6BP4PTRa
— Avadiax (@avadiax) 4 January 2017
The problem of ransomware is not new; there have been several high profile ransomware attacks. In November 2015, an MP in the UK was hit by a ransomware attack as a result the hackers demanded money from them. Another high profile attack came when the Chinese government inadvertently hosted a website that infected people's PCs with ransomware software.
"Ransomware is a huge area and depending on the victim, can be incredibly disruptive. American hospitals are increasingly targeted by cybercriminals and medical staffs are left unable to access critical patient records, even as basic as which drugs a patient has been taking or might be allergic to," Mr. Merritt told Sputnik.
This is why ransomware is so dangerous: 2,800 operations get canceled after a successful attack on a hospitalhttps://t.co/VTIOtOUlUE
— Heimdal Security (@HeimdalSecurity) December 8, 2016
So what can people do to avoid being attacked with ransomware software, especially if ransomware hackers may not even be prosecuted?
John Merritt said that the basic principles of IT security are your best friend. Don't click on attachments from unknown senders, stay vigilant and beware any email that asks you to confirm or change your password.
Latest advice and guidance on Ransomware — prevention and response #Donotpay #DonotPanic pic.twitter.com/SPMYCFV2QE
— The SINCERE Project (@SINCERE_Project) November 17, 2016
With ransomware becoming a serious problem, the fact it is now illegal in certain states in the US is a progressive step in the right direction. However, if criminals are to be sent to prison for committing this crime, it appears that it must become a law which is more enforceable then it currently stands.