Ransomware attacks have been increasing steadily for a few years, and operators gain confidence with every new strike. While cyber-experts burn the midnight oil coming up with solutions to thwart this dangerous form of malware, lawmakers in the U.S. state of Maryland are trying a shortcut – they aim to increase prison time for ransomware operators.
Experts have long insisted that caving in to ransomware operators’ demands not only encourages them to strike again, but it also doesn’t ensure you get your data back. Using a security solution to prevent attacks undoubtedly helps, but the best defences against ransomware remain vigilance and offline backups.
Because of the way ransomware works, though, operators often remain at large. That’s why legislators in Maryland have decided to give future cyber-crooks a scare, by increasing slammer time to 10 years for any ransomware attack resulting in losses greater than $1,000.
Maryland Senate bill 151, cross-filed with House bill 211, would define ransomware attacks that result in a loss greater than $1,000 as a felony, subject to a fine of up to $100,000 and a maximum sentence of 10 years in prison.
Under current Maryland laws, a ransomware attack that extorts a loss less than $10,000 is considered a misdemeanor, while a breach that results in a loss greater than $10,000 is a felony.
The new bill would punish any ransomware attack on any entity, regardless of the operators’ scope or intentions. But according to bill sponsor Sen. Susan Lee, the proposal mainly aims to stop attacks on hospitals – Maryland has seen a number of healthcare institutions hit heavily by ransomware in recent years.
“No industry is safe from ransomware, most importantly our hospitals,” Senator Lee said.
“Ransomware attacks on hospitals are a continuing problem across the country and often create major problems for the facilities, including loss of lives, misdiagnoses and other technological disadvantages for doctors and patients,” Lee told reporters.
The news is certainly encouraging. If the bill passes and succeeds in reducing ransomware attacks in the state of Maryland see a decrease in ransomware attacks, legislators from other states will have a precedent when deciding their next course of action against cyber-crime.