Ransomware Laws

Ransomware is used to infiltrate and lock the victim’s computer system in exchange of money. This type of malicious software (a/k/a “malware”) can cause substantial disruptions in an individual’s and a company’s business operations. It is usually caused when the unsuspecting victim clicks on a link to open an attachment or clicks on an advertisement or uniform resource locator to visit a third-party’s website that is embedded with the malware. The culprits usually request some form of ransom in order to decrypt the files. They will, and usually do, threaten the victim to either sell or leak the sensitive or confidential information if the ransom is not paid in time. There have been demands of up to or more than one-million dollars in recent years so the impact can be significant.

Ransomware can cause a “system lock” when the malware is unleashed on the computer or network system. This, in essence, will encrypt sensitive or confidential files on local or attached hard drives or other storage units. It is difficult to determine when or how the hackers infiltrated the system but the victim usually finds out when the computer systems are locked and inaccessible.

Technology experts recommend training yourself and your employees on a regular basis. This way, they will know what to look for and how to avoid these cybersecurity incidents. It’s important to have a regular backup of sensitive and confidential files and store the backup files in a secure location. We usually recommend storing them in local and remote locations. It is recommended to restrict user privileges such as permissions to install and execute software applications. Technology experts recommend enabling strong spam filters to prohibit phishing emails. They also recommend properly configuring the firewall to block access to known malicious Internet Protocol addresses. It’s also crucial to update the operating system and software applications on a regular basis according to law enforcement agencies.

In California, it is illegal to send malicious software to any person or entity for any reason. In fact, according to Senate Bill 1137 (“SB 1137”), it is considered a crime which carries heavy penalties in this jurisdiction. California Penal Code 523 was amended to address ransomware in its statutory guidelines. It states, in relevant part, that:

  • Every person who, with intent to extort any money or other property from another, sends or delivers to any person any letter or other writing, whether subscribed or not, expressing or implying, or adapted to imply, any threat such as is specified in Section 519 is punishable in the same manner as if such money or property were actually obtained by means of such threat.
  • Every person who, with intent to extort money or other consideration from another, introduces ransomware into any computer, computer system, or computer network is punishable pursuant to Section 520 in the same manner as if such money or other consideration were actually obtained by means of the ransomware.

The statute defines “ransomware” as a computer contaminant, or lock placed or introduced without authorization into a computer, computer system, or computer network that restricts access by an authorized person to the computer, computer system, computer network, or any data therein under circumstances in which the person responsible for the placement or introduction of the ransomware demands payment of money or other consideration to remove the computer contaminant, restore access to the computer, computer system, computer network, or data, or otherwise remediate the impact of the computer contaminant or lock.

Our internet and technology lawyers have been prosecuting and defending legal actions in state and federal courts and are available to speak with their clients. Our law firm assists clients in matters related to privacy and cybersecurity and the applicable state, federal, and international laws. Please contact our law firm to speak with an internet attorney at your earliest convenience.