Legislation Seeks to Ban Ransomware Payments From NY State Municipalities

Two bills drafted by New York state senators aim to ban ransomware payments from government agencies & municipalities following attacks on their data.

Earlier in January, two New York state senators submitted their proposals to their respective committee with a bill seeking to ban ransomware payments from government entities & municipalities. These movements would effectively ban payment of a ransom in the event of a “cyber-attack against such municipal corporation’s or government entity’s critical infrastructure”

Ransomware payments are made such scenarios when a victim’s files become encrypted and all other options of ransomware recovery are exhausted. 

New York State Senate bills to ban ransomware payments

There are two current bills in committee discussion with regards to ransomware and prohibiting payments for ransomware cyber attacks. Senate Bill S7246 sponsored by 4th District Sen. Phil Boyle and Senate Bill S7289 sponsored by 38th District Sen. David Carlucci serve a purpose to block any ransomware payments from municipalities following a ransomware attack, forestalling any financial incentive for attackers. If ransomware operators are cognizant about not being able to receive extortion payments from government and municipality victims, they may look elsewhere. 

New York state continues to be a leader for enacting modern laws & regulations around cyber security and data protection. Last summer, Governor Andrew Cuomo of New York state signed the SHIELD Act (Stop Electronic Hacks and Improve Electronic Data Security Act) which helps protect New York residents and their data. 

This legislation sets a positive precedent that showcases the state’s ability to keep its resident’s data safer. The New York Police Department is also developing an app that allows authorities to better collect data from victims of cyber crimes in New York City, giving more resources for better communication of these challenges.


NY State Senate Bill S7289 to ban ransomware payments, Status as of January 2021

Ransomware payments in New York State

A blanket law to ban ransomware payments from any municipality in New York state sets a precedent for legislation surrounding the choice to a path of recovery from a cyber attack. Local governments must be prepared to handle the extremities of a ransomware attack that could leave their data encrypted and unrecoverable. More aggressive extortion techniques, such as those of the Maze ransomware variant, continue to leak data from victims to try and get them to pay the ransom. Municipalities in New York must have a strong & tested incident response plan that will ensure they are prepared. 

Cybersecurity professionals and IT staff working closely with New York state towns, cities, and municipalities must pay close attention to these bills and how they will affect their data security operations. 

Although the ransomware payments will be outlawed in this drafted legislation, that doesn’t mean ransomware operators will cease to target municipalities and their data. This presents a challenge as criminals will continue deploying cyber attacks to experiment and analyze how these cities and towns will react in case their data becomes encrypted (or further extorted).

Local municipalities continue to be targeted

Municipalities of all sizes & government agencies have been the focus of ransomware attacks in recent months. They are an opportunistic target for cyber crime because they often lack modern cybersecurity resources & training needed to prevent severe attacks. Ransomware is not the only type of malware that seeks to cause damage to government entities & municipalities. These public agencies continue to face challenges for politically motivated cyber crime such as wiper attacks

Additionally, the attackers behind the Maze Ransomware, have begun exfiltrating data and publishing it online from private companies. This represents a new risk for government entities that store private PII data of citizens. This legislation further stresses the necessity for better security posture and brings to light the importance of collectively improving our cyber defenses.

Municipalities of all sizes and government agencies have been the focus of ransomware attacks in recent months. They are an opportunistic target for cyber crime because they often lack modern cybersecurity resources and the training needed to prevent severe attacks. Ransomware is not the only type of malware that seeks to cause damage to government entities & municipalities. 

These public agencies continue to face challenges for politically motivated cyber crime such as wiper attacks. Additionally, the attackers behind the Maze Ransomware, have begun exfiltrating data and publishing it online from private companies. This represents a new risk for government entities that store private PII data of citizens. This legislation further stresses the necessity for better security posture and brings to light the importance of collectively improving our cyber defenses.

NY State Cyber-Security Enhancement Fund

Senate Bill S7246 introduces new funding opportunities for New York State municipalities with a population of one million or less, adding “a cyber security enhancement fund to be used for the purpose of upgrading cyber security in local governments”. This development, known as the Cyber-Security Enhancement Fund, will help bolster and enhance the cybersecurity hygiene of municipalities to defend against cyber and ransomware attacks. Cyber attacks can largely be prevented with attention from every member of an organization, and that includes municipalities as well. 


NY State Senate Bill S7289 to ban ransomware payments, Status as of January 2021

What do you think?

Leave a Reply
Read more

Related Articles

Contact us

Leading experts on stand-by 24/7/365

If you suspect data loss or network breach, or are looking for ways to compile digital evidence through forensics and eDiscovery services – our team can help.

What we offer:

What happens next?

1

 Our expert advisor will contact you to schedule your free consultation.

2

You’ll receive a customized proposal or quote for approval.

3

Our specialized team immediately jumps into action, as time is critical.

Request a Free Consultation