Pennsylvania Approves Ransomware Bill
Pennsylvania has approved new legislation barring state and local governments from using taxpayers’ money to pay ransoms to cyber-criminals.
Senate Bill 726, amending Title 18 (Crimes and Offenses) of the Pennsylvania Consolidated Statutes, was approved by the Pennsylvania Senate on Wednesday. The legislation has now advanced to the House of Representatives for further consideration.
The amendment defines ransomware and makes it illegal to possess, use, develop, sell or threaten to use the malware in Pennsylvania.
Penalties set for the newly imposed ransomware offenses vary depending on how much money is being exploited. While some violations are classed as first-degree misdemeanors, others have been designated a first-degree felony.
While prohibiting state and local governments from spending taxpayers’ dollars on cyber ransoms generally, the legislation allows this practice to go ahead should a declaration of disaster emergency be made and authorized by the governor.
Under the new legislation, state agencies, including the General Assembly, local government entities, school districts, state-related universities, community colleges and charter and cyber schools are required to notify the Office of Administration of ransomware attacks within an hour of discovery. Commonwealth agencies must report ransomware within two hours.
The Office of Administration is required to notify the FBI of ransomware attacks within 24 hours. In addition, the office must submit an annual report to the General Assembly on ransomware attacks.
The bill’s primary sponsor, senator Kristin Phillips-Hill, said: “We have seen an increase in ransomware attacks in governmental entities at all levels, as well as against critical infrastructure across the United States.
“We know that these attacks will grow as technology used by criminals becomes more sophisticated.”
She added: “This legislation draws a line in the sand to say that taxpayers will not pay the ransom requested by entities seeking to illegally extort cash from hard-working Pennsylvanians.”
On January 19, the Senate of Pennsylvania also approved legislation that would create a new Office of Information Technology and require cybersecurity best practices across state agencies.
The new office would manage and maintain IT procurement within state agencies and establish a strategic plan for future IT projects across state government.
More Stories
ForgeRock, Double Secret Octopus offer passwordless authentication for enterprises
ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help...
ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises
ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help...
Mispadu Trojan Steals 90,000+ Banking Credentials From Latin American Victims
These included a number of government websites: 105 in Chile, 431 in Mexico and 265 in Peru Read More
KillNet Group Uses DDoS Attacks Against Azure-Based Healthcare Apps
Microsoft said it saw between 40 and 60 daily attacks in February Read More
BreachForums Admin Arrested in New York
Conor Brian Fitzpatrick of Peekskill was apprehended last Wednesday following an FBI investigation Read More
CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws
Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP)...