Ransomware
attacks have been increasing steadily for a few years, and operators gain
confidence with every new strike. While cyber-experts burn the midnight oil
coming up with solutions to thwart this dangerous form of malware, lawmakers in
the U.S. state of Maryland are trying a shortcut – they aim to increase prison
time for ransomware operators.

Experts
have long insisted that caving in to ransomware operators’ demands not only
encourages them to strike again, but it also doesn’t ensure you get your data
back. Using a security solution to prevent attacks undoubtedly helps, but the
best defences against ransomware remain vigilance and offline backups.

Because
of the way ransomware works, though, operators often remain at large. That’s
why legislators in Maryland have decided to give future cyber-crooks a scare,
by increasing slammer time to 10 years for any ransomware attack resulting in losses
greater than $1,000.

Via
DelmarvaNow:

Maryland Senate bill
151, cross-filed with House bill 211, would define ransomware attacks that
result in a loss greater than $1,000 as a felony, subject to a fine of up to
$100,000 and a maximum sentence of 10 years in prison.

Under current Maryland
laws, a ransomware attack that extorts a loss less than $10,000 is considered a
misdemeanor, while a breach that results in a loss greater than $10,000 is a
felony.

The
new bill would punish any ransomware attack on any entity, regardless of the
operators’ scope or intentions. But according to bill sponsor Sen. Susan Lee,
the proposal mainly aims to stop attacks on hospitals – Maryland has seen a
number of healthcare institutions hit heavily by ransomware in recent years.

“No
industry is safe from ransomware, most importantly our hospitals,” Senator Lee
said.

“Ransomware attacks on hospitals are a continuing problem across the country and often create major problems for the facilities, including loss of lives, misdiagnoses and other technological disadvantages for doctors and patients,” Lee told reporters.

The
news is certainly encouraging. If the bill passes and succeeds in reducing
ransomware attacks in the state of Maryland see a decrease in ransomware
attacks, legislators from other states will have a precedent when deciding
their next course of action against cyber-crime.