Bipartisan Bill to Combat "Ransomware" Passes First Test

Tuesday, April 12, 2016

The Senate Public Safety Committee today approved bipartisan legislation authored by Democratic Senator Bob Hertzberg (D-Van Nuys) and co-authored by Republican Senator Patricia Bates (R-Laguna Niguel) and others that would make “ransomware” the criminal equivalent of extortion. It would be a crime punishable by up to four years in jail.

“Technology has revolutionized the way many people conduct their business, which sadly includes criminals too,” said Bates. “I applaud Senator Hertzberg’s leadership on this issue and the Senate Public Safety Committee for recognizing the need for our bipartisan bill. It’s time state law recognizes ransomware for what it truly is: old-fashioned extortion.”

Ransomware involves infecting a user’s computer with a virus that locks it until a ransom is paid. Senate Bill 1137 would define “ransomware” in state law and make it a crime to introduce it into any computer, system or network. The range of punishment (up to four years imprisonment) is equivalent to the punishment under current law for extortion.

Earlier this year, Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoin to a hacker who seized control of the hospital's computer systems and would give back access only when the money was paid. More recently, computer systems at two Southern California hospitals were held hostage by hackers after being hit with ransomware. While patient records were not compromised, such attacks have become more common and brazen.

Last year's 2,453 reports of ransomware hackings to the FBI totaled a reported loss of $24.1 million, making up nearly one-third of the complaints over the past decade. They also represented 41 percent of the $57.6 million in reported losses since 2005.

SB 1137 will now go to the Senate Appropriations Committee for its consideration. The bill is supported by TechNet, Los Angeles County District Attorney Jackie Lacey, Association of Orange County Deputy Sheriffs and other organizations.