Ransomware attacks are one of the most common online threats in America. Both businesses as much as local governments are constantly on target hackers. This situation has been of great concern to senior officials. Last week, two New York senators proposed two bills prohibiting local governments and other government entities from using taxpayer money to pay ransom after a ransomware attack.
The two bills are similar. The only difference is that the S7246 also recommends creating one state fund to improve security in the cyberspace.
"The Cyber Security Enhancement Fund Provide grants and provide financial assistance to villages, communities, and cities with a population of one million (or less) upgrading local government cyber security"States the text of bill S746.
This is the first time that the state authorities of USA propose a law that explicitly prohibits ransom payments after a ransomware attack.
In July, the United States Conference of Mayors unanimously decided not to grant ransomware ransoms. However, it was not a formal decision.
"We are in favor of this legislation as it creates debate and raises public awareness of this problem," said Bill Siegel, CEO and co-founder of Coverware. THE Coverware is a company security specializing in ransomware after helping them victims to recover from such attacks, and sometimes negotiates them payments with hackers.
"I don't think attacks on New York agencies will decrease immediately, maybe even increase, as ransomware gangs can try to test the resolve of these organizations," Siegel said.
However, Siegel has some reservations on the application of such a law. If ransom payments become illegal, what happens if a public hospital receives a ransomware attack? These attacks can interrupt vital functions that can endanger patients' lives. What if, for example, someone lost their life because a solution was not immediately found to restore the systems? Death might have been prevented if ransom payments were made immediately. Furthermore, are public and governmental services adequately prepared and equipped with appropriate DR (disaster recovery) plans, backup systems and security programs; All this is so necessary for her prevention as for her effective treatment an attack.
Siegel said his company has helped many public organizations recover after a ransomware attack.
According to Emsisoft, 113 state and local governments and organizations were hit by ransomware in 2019. Many of these organizations were in New York.