Lawmakers in Maryland are considering legislation that would make ransomware attacks a crime punishable with prison time, BankInfoSecurity reports.
The bill would make extortion via unauthorized software a criminal offense, for which violators could face up to 10 years imprisonment, as well as a $10,000 maximum fine.
The legislation reads "a person who has the intent to unlawfully extort money, property or anything of value from another may not knowingly create, place or introduce without authorization software into a computer, computer system or computer network if the software is designed to encrypt, lock or otherwise restrict access or use by authorized users of the computer/system/network."
Under the bill, a ransomware victim — including individuals and organizations — would be able to bring a civil action in court.
"It makes sense to make these attacks a crime; there's been a dramatic rise in these events on hospitals, utilities and others," bill autor Sen. Susan Lee, D-Montgomery, Md., told BankInfoSecurity. She added that a ransomware attack last year on Columbia, Md.-based MedStar Health "was pretty devastating. … These attacks can cause injury and cost lives."
California and Wyoming have enacted similar legislation, according to BankInfoSecurity.