Maryland State Senator Susan C. Lee, a Democrat, has introduced bill SB30, which would make possession of ransomware illegal. The bill was carefully written to criminalize possession with malicious intent without exposing security researchers who study the malware to prosecution.
SB30 makes possession of ransomware a crime
Last May, the city of Baltimore made nationwide headlines as one of the most populous municipalities ever targeted by ransomware in US history. The attackers demanded a ransom of 13 Bitcoin and held the city's data hostage for weeks. The city refused to pay and instead spent weeks rebuilding its systems, with services coming back online in stages through late May 2019.
This was the second such attack on the city's critical IT infrastructure within a year. In response, Democratic State Senator Susan Lee, of Maryland's 16th District, has introduced legislation to make possession of ransomware with the intent to infect another computer, database or computer system a crime.
It may seem surprising, but Maryland would be one of only a few states in the union with legislation specifically addressing ransomware. The crime, while not very old, has been one of the fastest growing criminal endeavors of the last decade, and law enforcement and lawmakers are struggling to catch up with cybercriminals who have become increasingly sophisticated.
Senator Lee took special care to word the bill so that it protects cybersecurity researchers who study and combat malware from prosecution. While passing a law won't stop ransomware attacks by itself, it will give state prosecutors another tool to put offenders behind bars once they are apprehended.
Cyber attacks are on the rise
In a similar story, we reported that Proofpoint, a cybersecurity research firm, found that 50% of US organizations fell victim to ransomware and phishing attacks in 2019. The FBI, the main law enforcement agency combating cybercrime, has seen the number of new cases rise sharply.
Security researchers have seen a variety of tools used to carry out ransomware attacks. The Shadow Brokers leaked hacking tools belonging to the NSA and offered them for sale online; one of them, the EternalBlue exploit, was then used by the WannaCry ransomware to spread between machines. Other families such as Ryuk and RobbinHood, the ransomware that hit the city of Baltimore, have likewise been used in the wild, and all of these attacks have been documented by security professionals.
The average ransom demand was about $40,000 between July and September of last year; by December it had risen to about $86,000. The typical downtime caused by an attack also increased, from an average of 12 days to 16 days.
The rise in successful attacks, in ransom amounts and in downtime all point to the same conclusion: the number and frequency of attacks is surging. The FBI, malware researchers and infosec professionals all recommend not paying the ransom if you become a victim.
Law enforcement officials cite the fact that only 69% of those who paid were able to recover their data. Of those who paid, 7% were met with further ransom demands, and 22% were never able to recover their data even after meeting the attackers' demands.