Cyber Security

Ransomware Attacks Now Extortion Under California Law

Now, the state needs to actually arrest someone for it

Illustration: R. A. Di Ieso
Sep 28, 2016 at 12:58 PM ET

Ransomware is now officially extortion in California.

Deliberately hacking someone’s computer is already a federal crime, of course, and deploying ransomware — a malicious program that encrypts a computer’s files, usually demanding a bitcoin ransom to restore them — clearly falls under that category. But California’s SB-1137, signed into law Tuesday evening by Governor Jerry Brown, is believed to be the first law that specifically expands the state’s law against extortion to include ransomware.

The bill’s support in the California Senate was buoyed by testimony from one of the first high-profile ransomware victims, Hollywood Presbyterian Medical Center, where operations were largely shut down by a ransomware infection. The attackers relented when the hospital coughed up a $17,000 payment.

Since it can be relatively easy for a smart hacker to hide their tracks as they spam ransomware attempts around the world, few people, if any, have ever actually been arrested for such an attack in the U.S. Arrest Tracker, a site that attempts to catalog hacking arrests around the world, doesn’t contain any suspects listed for ransomware.

That doesn’t mean the California bill didn’t get under some hackers’ skin. Soon after the California Senate passed it, its site was hit with ransomware. In a separate attack, Sen. Bob Hertzberg (D-Los Angeles), who introduced the bill, saw his office also hit.

Though ransomware has existed for years, incidents have risen drastically in recent months. Europol declared Wednesday it’s the internet’s “most prominent malware threat.” The FBI has issued multiple warnings to American businesses, though it offers little in the way of a solution. Prevention is relatively easy: Don’t get infected in the first place by not falling for emailed phishing attacks, and back up your systems in case you do get hit. Though there are some ransomware strains that researchers can beat, most victims have little choice but to pay up and hope their extorter stands by their word.