This week I floor managed a bill that prohibits the state and political subdivisions of the state from expending taxpayer money for payment to persons responsible for ransomware attacks, except in the cases of critical infrastructure or emergency situations.
Ransomware is a type of malware where a hacker takes control of a user’s data through encryption, holding it hostage until the ransom is paid. Even after being paid, entities are not guaranteed their data will be released intact resulting in data loss, financial loss and even operational shutdown.
Ransomware attacks and cyber-criminals are a growing threat to state and local governments. Political subdivisions across the country are facing hostage situations with critical data with limited knowledge or mitigation strategies to address an attack.
Taxpayer dollars should not be used to pay the ransom on a ransomware attack. Instead, those dollars should be invested in proactive measures that include cyber security, training, software, and mitigation strategies that address the problem of attacks, keep our citizens data safe, and avoid disruption of services.