Well, we all realize the havoc that malware can wreak on unsuspecting victims, but what is the government doing to punish hackers that possess the code needed to create new victims?
The State of Maryland is considering criminalizing the possession of ransomware.
A bill introduced in January of 2020 would penalize Marylanders who knowingly possess this type of malware and intend to use it for criminal purposes. The bill also allows ransomware victims to sue hackers for damages in civil court.
Maryland has already outlawed the use of technology considered to be malicious to extort money out of victims. Senate Bill 30 as it is known, would make it a misdemeanor to be in possession of ransomware with the intent to use it in a malicious manner.
Any person convicted under this new law could face up to 10 years in prison and/or a fine of up to $10,000.
The proposed law would not apply to cybersecurity researchers or “white hat hackers” who may be in possession of ransomware for research purposes.
State Senator Susan Lee, who is the lead sponsor of the legislation, said that it “gives prosecutors tools to charge offenders.”
Lee also added that it was “important to establish [the bill] so criminals know it’s a crime.”
In January of 2019, the Salisbury, Maryland, police department was thrown into disarray − victimized by a ransomware attack that prevented officers from accessing parts of the department’s computer network. Four months later, Baltimore, Maryland, was hit by another ransomware attack that is said to have cost the city as much as $18 million.
Possessing ransomware is already a crime in several US states, including Michigan and California. The fight against ransomware was initially started by Wyoming, which in 2014 became the first state to criminalize the possession of ransomware, spyware, adware, keyloggers, and several other types of malicious software.
The proposed Maryland bill is important as malware based crime spirals out of control nationally. In 2019 ransomware malware impacted at least 113 state and municipal governments and agencies, 764 healthcare providers, and 89 universities, colleges, and school districts, with the costs of these attacks said to be in the range of $7.5 billion.
The State of Maryland is beginning to take positive steps to remedy the malware epidemic, and that’s a very good thing. Especially considering the fact that multiple strains of malware continue to victimize users across not only the US, but the world.