- June 26, 2017
- CLLB Law
A bill signed into law this April in Indiana will significantly raise the penalties for ransomware attacks in Indiana.
Ransomware, according to TechTerms, is defined as: “A type of Malware that prevents you from using your computer or accessing certain files unless you pay a ransom. It often encrypts files so they cannot be opened.”
The Indiana Economic Digest suggests the bill is a response to several ransomware attacks in Indiana last year. They report that in November 2016, the Madison County government system was accessed and an individual encrypted files and demanded money to open them. Also in November, 76,000 Howard County government files were ransomed. The website BleepingComputer also reports that King’s Daughter Health Center in Madison was shut down for four days in April 2016, and in May 2016 the DeKalb Health Center in Auburn, Indiana, was ransomed.
The bill, which was introduced by State Rep. Chris Judy of Fort Wayne and was signed into law by the governor in April after being amended by the Senate and approved by the House, creates much stronger penalties for the people that launch ransomware attacks. It raises unauthorized access to a computer to a level 6 felony, which includes six months to 2.5 years in prison and a fine up to $10,000. In the event the hacker or software planted by an individual or organization prohibits the owner from accessing the files and causes more than $50,000 of damage, the charge becomes a level 5 felony, in which case the penalty becomes a maximum of 6 years in prison and a maximum fine of up to $10,000.
With the passage of the law, Indiana becomes only the third state – including Wyoming and California – that specifically addresses ransomware as a separate crime, and not under general hacking laws.
Ransomware attacks have recently become more common, more expensive and have gone worldwide. A story by National Public Radio (NPR) shows that a massive ransomware attack in May this year affected users in more than 150 countries and affected more than 300,000 computers. In most instances, the perpetrators demanded $300 to unencrypt the files.
There are ways to prevent ransomware from infecting a system, or at least to minimize the effects. Nomoreransom.org lists several, including:
- Back up all files to a cloud or at least to a site separate from the computer.
- Enable strong and updated security software.
- Update your computer frequently, especially software.
- Be wary. Many times ransomware is introduced through opening fraudulent emails. Make sure the emails are legitimate.
- Enable “Show Files” extension in Windows.
- If, despite precautions, ransomware is introduced onto your computer, whether through an email or by other means, disconnect from the internet immediately.
No security, especially in the cyber-world, can reasonably be expected to be 100 percent effective. However, by following the above steps, a layer of security can be provided which will make it much more difficult for hackers to reach into a system for nefarious purposes. And the sort of new legislation enacted by Indiana will hopefully be followed by other states, and make the costs of being caught a deterrent for would-be ransomers.
Church, Langdon, Lopp, Banet Law, a law firm in New Albany, Indiana, has faithfully served the people and communities of Indiana for several years in a variety of legal areas including criminal law and family law. We have the experience and resources to help you with your legal needs. To ask a question or to set up a consultation, contact us online or call us at 812.725.8224.