Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Will Maryland Be the Third State to Criminalize Ransomware Possession and Distribution?

January 28, 2020

Bitdefender's Hot for Security blog carried a post on January 22 covering a new bill that would make it illegal to own and distribute ransomware and it stiffens punishment for ransomware operators.

If the bill passes, Maryland would be the third state, after Michigan and Wyoming, to criminalize the possession and distribution of ransomware. The bill makes exceptions for penetration testing, security researchers, and other legitimate reasons to own ransomware.

The bill is designed to give prosecutors the right tools. Democrat State Senator Susan Lee, the sponsor of the bill, enrolled the help of Markus Rauschecker, the Cybersecurity Program director of the University of Maryland Center for Health & Homeland Security.

"It's important to send that signal. This bill highlights the threat and how big it is," said Rauschecker to lawmakers, according to Capital News Service. If the bill becomes law, using ransomware would be classified as a misdemeanor and carry a penalty of up to ten years in jail and/or a fine up to $10,000.

As readers of RTL will remember, hackers hit Baltimore with a RobbinHood ransomware attack on May 7, 2019. All administrative transactions, payments and communications were frozen after city officials refused to pay the attackers. It took them more than eight weeks to restore all systems.

Following the attack, Baltimore City's board allocated $10 million to an emergency ransomware response to prevent similar attacks. When the dust settled, the city estimated recovery costs at $18 million.

The current law in Maryland specifies that a cyberattack that incurs damages of less than $10,000 is a misdemeanor and carries a punishment of up to five years in prison and a fine up to $10,000. If the damages pass the $10,000 mark, it turns into a felony, and the punishment goes up to 10 years in prison.

The new bill would dispense with limits for damages and raises the punishment to up to 10 years, even if it's a misdemeanor. This is a step in the right direction, but corralling these ransomware gangs is one hell of a challenge.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

Will Maryland Be the Third State to Criminalize Ransomware Possession and Distribution?

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer