A new Indiana bill plans to make ransomware attacks a crime in its own right, punishable by a sentence of one to six years in prison and a fine of up to $10,000.
House Bill 1444 was proposed last year by State Rep. Christopher Judy (R-Fort Wayne), passed the Indiana House of Representatives in late February, and will be heard tomorrow in the Senate Corrections and Criminal Law Committee, one of the few final steps before reaching the governor's desk.
Under current legislation, ransomware attacks are considered mere incidents of unauthorized access to a computer, and are categorized as misdemeanors.
Under proposed Bill 1444, authorities plan to recategorize unauthorized access to a computer as a Level 6 felony (6 months to 2.5 years in prison, fine up to $10,000).
If the attack prevents the computer owner from accessing their files (a ransomware attack) and/or causes damages of over $50,000, the penalty grows to a Level 5 felony (one to six years in prison, fine up to $10,000).
Currently, Wyoming and California are among the few other US states that categorize ransomware attacks as a crime in its own right, while most states handle ransomware operators under generic hacking laws. Of course, the problem is not sending ransomware operators to prison, but catching them, as most operate cloaked in anonymity and from locations overseas.
Rep. Judy's proposal to make ransomware a separate crime came after a ransomware attack blocked access to the computer network of Madison County last November, delaying the publishing of election results.
Like many US states, Indiana has seen a rash of ransomware infections during the past year.
In April 2016, King's Daughters' Health center shut down for four days because of a ransomware attack.
In May 2016, the DeKalb Health center in Auburn, Indiana suffered a ransomware infection.
Just last Friday, a housing agency in Richmond, Indiana announced it suffered a ransomware infection that shut down its entire computer network.
Although initially reported as a ransomware attack, the incident at the Little Red Door cancer agency in Muncie, Indiana was a hack by a well-known hacker known as TheDarkOverlord (TDO), not a ransomware infection.