kaptn - Fotolia

California legislates against ransomware

US state introduces legislation to make it easier to bring ransomware attackers to justice and jail them for up to four years

The US state of California has introduced anti-ransomware legislation in an attempt to crack down on cyber attackers who use malware to lock up critical data and demand a ransom for its release.

Infecting computers with malware designed for this purpose is now illegal in the state, in an attempt to make it easier to prosecute offenders for the crime, reports Ars Technica.

Ransomware was one of the fastest-growing forms of cyber criminal activity in 2016, and security industry commentators expect the trend to continue.

“In 2017, we expect to see a continued evolution in ransomware,” said Aaron Shelmire, senior threat researcher at Anomali Labs.

“The Mirai malware has already demonstrated the ease with which IoT [internet of things] compromises can be automated. It is only a matter of time before some enterprising ransomware authors decide that the hordes of non-managed, non-backed-up webcams, routers and refrigerators can be held to ransom for a cheap price.”

Shelmire also expects to see ransomware make the jump to mobile devices, where many people store their most cherished personal data.

Wyoming was the first US state to pass anti-ransomware legislation in 2014. California’s new law means state prosecutors no longer have to resort to charging offenders under existing anti-extortion laws.

The anti-ransomware law, which was signed in September 2016 and took effect on 1 January 2017, reportedly provides clarity to make it easier for prosecutors to charge and convict perpetrators of ransomware attacks and provides for jail terms of up to four years.

Read more about ransomware

According to the FBI, ransomware payouts in the US rose from $25m in 2015 to more than $209m in just the first three months of 2016.

Several hospitals in the US and Canada were hit in a spate of ransomware attacks in April 2016, and in November there was an attempted ransomware attack on San Francisco’s Muni transport system.

In December, security researchers urged ISPs to issue emergency patches for Mirai botnet infections after 2,374 TalkTalk routers were linked in a regional botnet.

The alert came just days after a Mirai variant caused a mass shutdown of Deutsche Telekom routers, reportedly affecting more than 900,000 customers.

The release of the Mirai malware code on an underground forum in October 2016 raised fears of a surge in distributed denial of service (DDoS) attacks using hijacked devices such as routers that make up the IoT.

Soon afterwards, the Mirai botnet was used to carry out DDoS attacks on domain name system (DNS) services supplier Dyn that rendered a number of web services unusable, including Netflix and Twitter.

VPN service provider NordVPN believes crackdowns by law enforcement agencies will help reduce general ransomware attacks, but mobile ransomware is expected to increase.

Mobile users generally have their data backed up on the cloud, and NordVPN predicts an increase in mobile ransomware designed to steal users’ bank credentials to raid accounts.

Read more on Hackers and cybercrime prevention