State officials say criminalization is the first step in better-handling hard-to-solve cybercrime cases
Perhaps the most ominous part of cybercrime is the fact that those responsible for attacks are often tough if not impossible to track down. This makes arrests and prosecution for these crimes downright unfeasible. Lawmakers in California are trying to tackle this problem head-on by targeting an especially malicious and sophisticated form of cyber-attack called ransomware.
Ransomware attacks involve criminals encrypting stolen data and demanding a high-priced ransom just to regain access. Ransomware attacks take hold of data when a user clicks on a malicious link or opens an infected email. If data isn’t backed up properly, businesses and individuals are left with no other option but to fork over digital cash directly to criminals to decrypt their data. The hard to trace attacks can originate from anywhere in the globe, and California businesses have felt the increasing burn of ransomware for years. Perhaps the most recent notable case was that of the Hollywood Presbyterian Medical Center. After being targeted by cybercriminals, the hospital was forced to have $17,000 exchanged for digital bitcoin currency and pay off the criminals to regain access to critical patient data.
Without a particular law to criminalize ransomware, prosecutors have been forced to try and prosecute ransomware cases using existing legal sanctions around computer fraud and extortion threats. The existing legislation, however, often doesn’t fit the crime, making an effective investigation and prosecution difficult. As ransomware attacks become more prevalent and sophisticated, the need for specific legislation is critical.
Local cyber experts from Intivix believe that implementing specific ransomware criminal sanctions is a necessary step in getting on top of such a tricky issue. “Putting a particular, serious law in place is undoubtedly a positive step.”Intivix Co-Founder, Rob Schenk says. “Criminalization won’t solve the problem completely, but it does send the message to cybercriminals that the state is taking this kind of malicious activity seriously.”
Under the new legislation, ransomware cyber-criminals who are caught will face up to four years in prison and a hefty $10,000 fine. While the law would provide prosecutors with resources and tools they didn’t have before, it is by no means a perfect solution or a fool-proof form of protection for business owners. “The bottom line is, companies need to be informed and vigilant with or without a ransomware law.” Schenk continues. “Staying vigilant and investing in a layered security solution combined with an effective, monitored backup solution is truly the best approach to preventing ransomware attacks altogether or responding to them correctly when they do occur.”
If you’d like to connect your business-minded audience with more information about the increasingly serious concern about ransomware attacks, the new California legislation that criminalizes it or how businesses can stay informed and protected, please don’t hesitate to reach out to Rob Schenk at Intivix to learn more at (415)-549-9681 or send an email to [email protected]