Ransomware Is Now Officially Extortion Under California Law

Of course everyone knows that hacking into a computer is a federal crime, and infecting a system with ransomware already falls into that bucket. However, California’s SB-1137, signed into law last Tuesday by Governor Jerry Brown, is the first one that specifically expands extortion laws to include ransomware.

The bill’s support in the California Senate was helped by testimony from Hollywood Presbyterian Medical Center, where operations were largely shut down by a ransomware infection. The attackers sent the decryption code after the hospital paid $17,000 in Bitcoin.

It is very easy to hide your tracks as a ransomware criminal. Very few people have been arrested for ransomware attacks in the continental U.S. From our perspective, the California bill is more of an "awareness" thing than anything else. Some hackers decided to have some fun with it: soon after the California Senate passed it, its site was hit with ransomware, and in a separate attack Sen. Bob Hertzberg, who introduced the bill, saw his office hit as well.

Though it’s existed for at least 10 years, ransomware has skyrocketed since September 2013 with CryptoLocker. Europol declared Wednesday it’s the internet’s “most prominent malware threat.” The FBI has issued multiple warnings to American businesses. Prevention requires a multi-layered approach.

Here Are 8 Things To Do About It (apart from having weapons-grade backup)

  1. From here on out, with any ransomware infection, wipe the machine and re-image from bare metal
  2. If you have no Secure Email Gateway (SEG), get one that does URL filtering and make sure it's tuned correctly
  3. Make sure your endpoints are patched religiously, OS and third-party apps alike
  4. Make sure your endpoints and web gateway have next-gen, frequently updated (a few hours or shorter) security layers
  5. Identify users that handle sensitive information and enforce some form of higher-trust authentication (like 2FA)
  6. Review your internal security policies and procedures, specifically those related to financial transactions, to prevent CEO fraud
  7. Check your firewall configuration and make sure no criminal network traffic is allowed out
  8. Deploy new-school security awareness training, which includes social engineering via multiple channels, not just email
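Item 7 is the one on this list that turns into a concrete configuration. The ruleset below is an added example, not part of the original post or any KnowBe4 material; it shows what "no criminal traffic allowed out" looks like in practice on a Linux (nftables) gateway in front of a workstation subnet: outbound traffic is denied by default, workstations may only resolve names through the internal resolvers, and all web traffic has to go through an inspecting proxy. The interface name lan0, the resolver addresses, and the proxy address and port are assumed placeholders.

```nft
#!/usr/sbin/nft -f
# Added example (not from the original post): default-deny egress policy for a
# workstation subnet behind a Linux gateway. Interface name, resolver addresses
# and proxy address/port are assumed placeholders; substitute your own.

flush ruleset

table inet egress {
    # Internal DNS resolvers: the only hosts workstations may send DNS to.
    set allowed_resolvers {
        type ipv4_addr
        elements = { 10.0.0.53, 10.0.1.53 }   # assumed addresses
    }

    chain forward {
        # Default deny: nothing routed out of the LAN leaves unless a rule below accepts it.
        type filter hook forward priority filter; policy drop;

        # Replies to connections we already allowed; drop anything conntrack cannot classify.
        ct state established,related accept
        ct state invalid drop

        # Name resolution only via the internal resolvers (blocks direct DNS to arbitrary hosts).
        iifname "lan0" ip daddr @allowed_resolvers udp dport 53 accept
        iifname "lan0" ip daddr @allowed_resolvers tcp dport 53 accept

        # Web traffic only via the inspecting proxy (assumed 10.0.0.80 port 3128);
        # direct outbound 80/443 from workstations is therefore denied by policy.
        iifname "lan0" ip daddr 10.0.0.80 tcp dport 3128 accept

        # Everything else from the LAN is logged (rate-limited) and then dropped by the chain policy.
        # These log lines are your detection signal: a workstation that keeps trying to reach
        # an outside resolver or an outside host directly is worth a look.
        iifname "lan0" limit rate 10/second log prefix "egress-deny "
    }
}
```

Load it with `nft -f` on the gateway. The design choice is that the allow list is short and the deny is the default, so any new outbound channel has to be added deliberately; the "egress-deny" log entries then double as an alerting source for traffic that a compromised endpoint is attempting and that the policy has already stopped.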

Since phishing has risen to the #1 malware infection vector, and attacks are getting through your filters too often, getting your users effective security awareness training which includes frequent simulated phishing attacks is a must.

KnowBe4's integrated training and phishing platform allows you to send attachments with Word Docs with macros in them, so you can see which users open the attachments and then enable macros!

See it for yourself and get a live, one-on-one demo.
