As of January 1, California made the use of ransomware a felony, which carries a sentence of up to four years in prison.
The legislation, written by state Sen. Bob Hertzberg, says that introducing ransomware into any computer, system or network is punishable as extortion. California Gov. Jerry Brown signed the new bill into law last September.
"This legislation provides prosecutors the clarity they need to charge and convict perpetrators of ransomware," said Hertzberg in a press release. "Unfortunately, we’ve seen a dramatic increase in the use of ransomware. This bill treats this crime, which is essentially an electronic stickup, with the seriousness it deserves."
The use of ransomware to extort money from businesses is on the rise, and California is among the first states to make using ransomware a felony. California is also one of the states that has become a high-profile target for ransomware attacks.
In February, Hollywood Presbyterian Medical Center in Los Angeles paid the equivalent of $17,000 in bitcoins to a hacker to regain control of its computer systems. Then in November, the San Francisco transit system was hacked by ransomware, forcing the agency to give passengers a free ride.
A global report, released in August and sponsored by Malwarebytes, found nearly 50% of organizations globally have suffered a ransomware attack in the last 12 months. Instances of ransomware in exploit kits increased 259% in the early months of 2016 and globally, nearly 40% of ransomware victims paid the ransom.
Cybersecurity is still not heavily regulated and laws have not necessarily kept up to new cyberattack vectors to offer fitting punishments. As the industry continues to advance, more states, and perhaps even federal legislation, will be created that better comprehends and keeps up with the technology industry.