Why Lawmakers Are Trying To Make Ransomware a Crime in California

State legislation to outlaw ransomware is drawing broad support from tech leaders and lawmakers, spurred by an uptick in that type of cybercrime and a series of recent attacks on hospitals in Southern California.

The bill, authored by state Sen. Bob Hertzberg (D-Van Nuys), would update the state's penal code, making it a felony to knowingly use ransomware, a type of malware or intrusive software that is injected into a computer or network and allows a hacker to hold data hostage until money is paid.

Ransomware has become a lucrative industry over the last three years, affecting schools, police departments and healthcare businesses. Trojans that work like viruses, such as CryptoLocker -- which began appearing in 2013 -- can be unleashed by users with few technical skills and reel in profits.

"We are at a point where the amount of money being made is so high, other (bad) actors will keep coming," said Craig Williams, a threat researcher for Talos, part of the cybersecurity company Cisco Systems.

Proponents say the proposed ransomware law is the right step to counter attacks difficult to prosecute under existing statutes that are not tailored to combat computer crime. But some question just who will get caught in the dragnet, as such incidents are tough to trace and culprits are often overseas.

Victims nationwide lost more than $209 million in ransomware payments in the first three months of 2016 alone, compared with $25 million in all of 2015, according to the FBI.

But no arrests were made. Nor were arrests made in more than half a dozen of ransomware incidents investigated by the Cyber Investigation Response Team of the Los Angeles County district attorney's office, which is a co-sponsor of the bill.

Prosecutor Don Hoffman, head of the division, said authorities were not able to prove who was responsible. He supports the...

Comments are closed.