On January 1, 2017, a new law went into effect in California that makes ransomware use a standalone crime.
Technically, ransomware usage was an illegal activity before, but all people engaged in such activities were trialed based on state extortion laws or computer hacking and money laundering charges.
This new law makes ransomware use a standalone crime, allowing prosecutors to charge suspects much easier, without having to spend time proving the suspect was involved in a money laundering operation.
The bill was co-sponsored by Los Angeles County District Attorney Jackie Lacey and TechNet, a trade organization that advises on technology issues.
Under the new law, a person engaged in ransomware will be convicted of a felony and could be imprisoned up to four years.
California is the second state to criminalize ransomware usage as a standalone crime, after Wyoming did the same back in 2014.
Work on the new law started following the highly mediatized case of the Hollywood Presbyterian Medical Center, a hospital in Los Angeles that was hit by a ransomware infection.
In February 2016, Hackers had locked down several hundred computers at the hospital and forced staff and doctors to work with pen and paper for a few days. Initially, the gang asked for $3.6 million in ransom, but were content when they received $17,000.
The case made headlines across the Internet and got everyone's attention to the true damage a ransomware infection can cause.
According to the FBI, ransomware has become a big business, with crooks netting over $209 million just in the first quarter of 2016, compared to an estimated $25 million in all of 2015.
A report released yesterday by threat intelligence firm Recorded Future argues that ransomware infections are expected to grow in 2017. This is contradictory to a report from Intel's McAfee unit, who expects ransomware infections to drop.