In February 2016, a computer hacker was able to seize control of the computer system at Hollywood Presbyterian Medical Center. This prevented the hospital from accessing its own data. It wasn’t a prank. The hacker demanded ransom in the form of “bitcoins.” Bitcoin is a new currency created about 8 years ago. They can be used to buy merchandise anonymously, are not subject to regulation, and there are no banks or other middle men involved in bitcoin transactions.
The medical center initially tried to handle the situation on its own. They paid the bitcoin equivalent of $17,000 to the hacker in order to obtain the “key” codes to reopen the system. After paying the ransom, they notified law enforcement of the problem. Eventually, the hospital was able to regain control over its computer system.
What is Ransomware?
Ransomware is a relatively new problem. There are different types of ransomware. It can stop you from accessing your operating system, encrypt files so that you cannot access the data, and stop some applications from running. The essence of ransomware is the demand for money to get back control of your PC, your files, and/or your system. Ransomware can target an individual PC, a business network, and even servers used by the government.
Is Using Ransomware a Crime?
Until late last year, the use of ransomware was not, in and of itself, a crime. That does not mean that events such as the hack at Hollywood Presbyterian were legal. But the prosecutions were based upon existing laws prohibiting computer hacking, extortion, and in some cases money laundering.
Last year, however, the California legislature focused specifically on ransomware, which has become a common problem worldwide. The state Senate passed SB 1137, which was signed into law (now codified at Penal Code section 523) by Governor Jerry Brown in September 2016. The new law defines ransomware, and states that its introduction into any computer, computer system or computer network, with intent to extort money or other consideration, is a felony punishable by 2, 3 or 4 years in prison. The new law, simply stated, makes using ransomware, in and of itself, a crime.
Law Office of David P. Shapiro
3500 5th Avenue, Suite 304,
San Diego, CA 92103