Now, we know what ransomware is and a little on how to fight against it. So, what are the applicable statutes and how can you recover? Naturally, after a person pays the ransom, or loses their data, they have been harmed by a violation. This could be potentially devastating to a small business or an individual. Yet, there’s no explicit way to recover the funds or recover from the harm except through a lawsuit. While, there is a statute specific to ransomware in California, individuals do have other avenues and claims. What is this new statute? What can someone recover in a lawsuit? Are there any difficulties for ransomware lawsuits?
In September 2016, California passed a ransomware statute under SB 1137, which in essence amended Penal Code § 523. This was prompted by an uptick of the attacks on hospitals. In the statute, the use of ransomware is punishable by 2-4 years in prison. This is in line with treating ransomware like extortion crimes. Furthermore, it defines ransomware in the statute as a “computer contaminant or lock placed or introduced without authorization into a computer . . . which the person responsible for the placement or introduction of the ransomware demands payment . . . to remove the computer contaminant . . .”