The Senate on Thursday unanimously voted to crack down on computer crimes that render computer systems unusable until a ransom is paid.
By a 38-0 vote, lawmakers said such an attack should be considered extortion and prosecuted under the state criminal code as such. The bill, which won Assembly approval Tuesday, now goes to Gov. Jerry Brown.
“Nearly every day, we read in the news about ransomware attacks stifling government agencies or private companies,” bill author Sen. Bob Hertzberg, D-Van Nuys, said in a statement. “This is essentially an electronic stickup, and we need to treat it with the same seriousness and severity we would treat any stickup.”
In the last few years, hospitals, governments and private companies in California have been increasingly confronted with ransomware attacks — their computers and networks shuttered by hackers demanding payment. Ransomware payments skyrocketed to more than $204 million in the first three months of 2016 compared to $24 million for all of last year, according to Hertzberg’s office.
Earlier this year, the Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoin to restore access to its computer system.
Hertzberg’s bill updates the state penal code and would make a ransomware violation punishable by a two- to four-year jail term and fine of up to $10,000. It would classify the crime in existing extortion law.
