Pennsylvania would probably be the first state in the whole of United States to ban ransomware payments from being made by taxpayers’ money. The Senate of the said state passed the Bill number 726 amending Title 18 and has pushed it over to the House of Representatives for further thought process.
So, from now, anyone who possesses, distributes, sells, purchases or develops the file encrypting malware will be termed as criminal as per the newly approved bill that still needs further consideration by few of the political veterans.
Interestingly, the bill states that the government, under any circumstances, should not use the money paid as taxes to free up the data from the hackers. However, the legislation allows the authorities to use the taxpayers’ amount for paying a ransom only during the time of declared disaster emergency and that too only after the endorsement of the state governor.
Besides, the victimized government entity that includes General Assembly, Local Government organization, school districts, state owned Universities, Community College, and Charters along with cyber schools are required to notify the Office of Administration details related to ransomware attacks within 60 minutes of the malware intrusion discovery.
A two hours of reporting time frame has been granted to Commonwealth agencies as per the latest legislation.
After receiving the official notification from the victim, the Executive Office of the President will have to inform FBI and CISA within a 24 hours time frame and must include the probed details in the annual ransomware report submitted to the general assembly.
Additionally, the legislation has also approved a new office of IT to be established in Pennsylvania that would monitor the cyber security measures taken by private and public agencies in the state and will recommend best practices to be followed to sustain or thwart such cyber attacks.