The whole point of the legal process is that it’s methodical. Lawmakers have to ensure the rules by which society is governed are fully ironed out before the public can be expected to follow them. While this helps avoid any sort of tyrannical oversight, getting a law enacted often takes quite a long time. This generally means that the rate at which technology develops outpaces the rules meant to regulate it.
This is exactly what is currently happening with ransomware. This particular cyberattack is unlike anything the world has seen before. The criminals behind these incidents aren’t technically stealing data, which is very clearly a crime. However, they also aren’t extorting businesses in the traditional sense, such as throwing a trash can through a window or putting a gun to someone’s head. No, ransomware-based extortion is much more subtle, and yet it’s just as dangerous to a company’s bottom line.
Clearly, this hacking technique needs its own set of laws, a sentiment that California legislators have taken to heart. A bill was recently passed through the state assembly that should make ransomware a very dangerous line of business for hackers in the Golden State.
New California bill gives prosecutors teeth
The bill, which is named SB1137, is currently on it’s way to Governor Jerry Brown so that it can be put into effect, according to Digital Trends’s Jonathan Keane. Basically, the bill hopes to outline exactly what ransomware is, thereby filling in any cracks in the current legal code. This is a very clear message to hackers stating that they will not escape justice if they are caught breaking the law in this way.
What’s more, a criminal that is convicted of a ransomware attack can expect some pretty hefty consequences for his actions. Keane reported that hackers can face up to four years in prison for their crime. On top of that, these kinds of infractions will be considered felonies, which means that a guilty party will have this on his or her record for life. These kinds of cases also often allow the judge to suspend a person’s internet activity for a given period of time, which is a major setback for somebody whose most valuable skills lie in computer science.
Basically, this is all meant to wake hackers up to the reality of their actions. Legislators will want to set some examples by bringing the hammer down hard on those who are convicted under this potential law, an opinion that is embodied by the bill’s author Senator Robert Hertzberg.
“We need to make clear that intentionally using ransomware is a very serious crime that will not be tolerated and will be prosecuted, just like any stickup,” Hertzberg said. “That’s what this legislation does.”
Hospitals have been the most devastating targets
While this bill still needs to be signed by Governor Brown, the rise in ransomware cases can no longer be ignored. This is especially true of hospitals, an industry that has time again become the victims of hackers using this specific form of malware. In fact, California has had all kinds of trouble when it comes to health care and ransomware.
The Los Angeles Times’s Richard Winton pointed out some of the more prominent institutions to have been hit by these kinds of attacks; Chino Valley Medical Center, Desert Valley Hospital of Victorville and Hollywood Presbyterian Hospital. That last hospital is especially notorious due to the fact that it was forced to actually pay the hacker. Hollywood Presbyterian Hospital had to convert $17,000 to bitcoin and hand it off to the criminal, according to Winton.
While this is in no way the hospital’s fault, as they were just trying to get services back online to help their patients, it is sad to see such a benevolent institution fall victim to a common criminal’s extortion scheme. Hopefully, the new bill will discourage this kind of behavior in the future.
What are the characteristics of a ransomware campaign?
In order to truly understand the extent of ransomware’s reach, company leaders must educate themselves as to their organization’s major attack vectors. Like many other successful hacking techniques, ransomware is very often spread by exploiting human error. We’ve found that cybercriminals often employ spam email campaigns to get an employee to click on a malicious attachment.
When attempting to infect an organization’s network, hackers will generally send an email that has business connotations, such as an invoice or a message concerning a recent shipping operation. This is meant to legitimize the email and lull the employee into a false sense of security. Cybercriminals will also often make their correspondence look as if it’s coming from a legitimate address, even going so far as to put corporate logos in the body.
Another major point our researchers have noticed is that ransomware is generally distributed in a very timely fashion. We’ve discovered that TorrentLocker ransomware was received between 1:00 PM and 7:00 PM EST, while CryptoWall was generally sent out between 5:00 AM and 9:00 AM EST. This is important because these are the main hours of business in countries that fall victim to these attacks. Basically, sending out a spam email at midnight seriously detracts from success, as the message will be bogged down by others, which gives the target more chances to recognize something has gone wrong. If the hacker can catch the employee right in the middle of the busiest part of their day, however, the person might not see the danger in clicking on the link.
While California’s push toward harsher cybercrime laws could certainly be a major turning point for the country as a whole, the fact still remains that actually catching a hacker after the fact is extremely hard. Therefore, the best avenue for organizations to take is to simply attempt to avoid an infection in the first place.
Employees need to be reminded that they are the targets, and that they need to be on the lookout for social engineering tactics such as those described above. Company leaders should also push for multi-layered defense solutions that set up an infrastructure with the goal of detecting ransomware before an infection occurs.