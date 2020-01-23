Image: Jp Valery

Two senators from the state of New York submitted two bills last week to prohibit local municipalities and other government entities from using tax money to pay for ransomware requirements.

The first bill (S7246) was proposed on January 14 by the Republican NY Senator Phil Boyle. The second bill (S7289) was introduced two days later on January 16 by Democrat NY Senator David Carlucci.

Both legislative proposals are discussed in the committee, and it is unclear what will lead to a vote on the senate.

Both S7246 and S7289 have similar texts. The only difference between the two is that S7246 also proposes the establishment of a state fund to help local municipalities improve their cyber security stance.

“The Cyber ​​Security Enhancement Fund that makes grants and financial assistance available to villages, towns and cities

with a population of one million or less to improve the cyber security of their local government, “reads the text of the S746 bill.

First of its kind

This is the first time anywhere in the US that government agencies have proposed a law that explicitly prohibits the payment of the ransom after a ransomware attack.

In July the US mayors’ conference unanimously adopted a resolution not to pay ransom demands to hackers after ransomware infections, but this was only an informal and meaningless statement.

“We are in favor of this legislation because it triggers a debate and highlights the problem,” said Bill Siegel, CEO and co-founder of Coverware, a cyber security company that helps victims recover from ransomware attacks and sometimes on their behalf. negotiates victims’ payments.

“I don’t think it will stop attacks on New York municipal organizations in the short term, it may even increase because ransomware distributors are trying to test the determination of these organizations,” Siegel told ZDNet.

“If a state where a bill has to be passed that renders payment of ransom illegal, two major problems must be seriously considered. 1) What happens if a New York municipal hospital is attacked and the downtime leads to the loss of life that had can be avoided if they were allowed to pay? 2) Are the municipal organizations sufficiently staffed and budgeted with DR plans (disaster recovery), backup systems and security programs to effectively ward off and repair an attack without material interruption of civilian operations cause? “Siegel added.

The NY Senator Boyle office could not be reached for comment. The NY Senator Carlucci office did not return a request for comment prior to the publication of this article.

The CEO of Coveware said he could not disclose whether his company was helping any New York state government organizations due to confidentiality agreements.

However, Siegel said that she helped municipal organizations in most US states recover from ransomware attacks.

“On a quarterly basis, they are generally about 10% of the cases we deal with,” he said.

Ransomware attacks in the state of New York

According to antivirus vendor Emsisoft, 113 US state and municipal governments and agencies were hit by ransomware in 2019. Although we do not have exact figures for the state of New York, several major ransomware incidents were reported in New York last year and in 2020.

In April 2019, ransomware hit the network of the city of Albany. The city chose to spend $ 300,000 to rebuild the entire IT network instead of paying the ransom.

In July 2019, libraries in Onondaga County had to close their computer network after a ransomware infection. The Watertown School District was hit the same month.

In September 2019, the Monroe-Woodbury School District delayed the start of the school year due to a ransomware infection.

During Christmas 2019, ransomware infected the network of the Albany County Airport Authority, which chose to pay the ransom demand, described as “under six digits.”

Ransomware also hit the city of Colonie in early 2020, but the authorities were prepared for a cyber attack and the city’s IT staff is currently recovering data from backups.