New York wants to ban paying ransomware demands
by Anthony Spadafora
While it is advised that ransomware victims never pay their attackers, many businesses and even governments still do, which is why two state senators from New York have proposed bills banning local municipalities and governments from using taxpayer money to pay ransomware demands.
Republican Senator Phil Boyle proposed the first bill (S7246) on January 14 and just two days later, Democrat Senator David Carlucci introduced the second bill (S7289). At this time, both bills are under discussion in committee though it is still unclear which will move forward to a vote on the Senate floor.
Both bills feature similar texts with the only difference between the two being that S7246 also proposes creating a state fund to aid local municipalities in improving their cybersecurity posture:
- SNAKE ransomware looks to encrypt an entire business network
- US city votes to pay ransomware demand
- Also check out the best free anti-ransomware software
“The Cyber Security Enhancement Fund that will make available grants and financial assistance to villages, towns, and cities with a population of one million or less for the purpose of upgrading the cyber security of their local government.”
An end to ransom payments
The bills introduced by the New York Senators represent the first time that state authorities have proposed a law that explicitly forbids local municipalities and governments from paying a ransom following a ransomware attack.
Back in July, the US Conference of Mayors unanimously adopted a resolution not to pay any ransom demands after being infected by ransomware. However, the resolution was nothing more than an informal declaration with no real consequences put in place for breaking it.
If either of the senators’ bills are voted into law, it will be the first time that formal legislation is put into place in the US to combat the growing ransomware epidemic.
The move would also encourage businesses and other organizations to follow suit when it comes to not giving in to the demands of cybercriminals.