Senate Co-Sponsorship Memoranda

In the near future, I will reintroduce Senate Bill 563 from last session which ensures that Commonwealth agencies have strong capabilities in place to discourage, combat and recover from ransomware attacks. These capabilities include measures to make illegal the possession, use, or transfer of ransomware, as well as prohibiting agencies from payment of ransom. Additional measures will help restore systems and captured information quickly and provide timely public notification of such attacks. 
 
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. The software locks the user out of their files and/or device, then demands an anonymous online payment to restore access. 
 
In 2023, ransomware attacks saw a significant surge, with reports indicating a 73% increase in global incidents compared to the previous year. https://statescoop.com/ransomware-incidents-rose-73-globally-in-2023-report-shows/. Since the beginning of COVID-19, there has been a 47 percent increase in the severity of ransomware attacks. Newer strains of ransomware have been particularly malicious, with costly ransom demands and criminal actors threatening to expose an organization’s data if they do not pay the ransom demand. Half of all ransomware attacks now involve data being transferred without authorization (i.e., stolen.) 
 
While most ransomware attacks are not reported in the news, in 2023 at least 2,825 U.S. government agencies, businesses, educational establishments and healthcare providers experienced ransomware attacks at a potential cost in excess of $7.5 billion.
 
A small sample of the impacts from these ransomware attacks include medical records were inaccessible and, in some cases, permanently lost; surgical procedures were canceled, tests were postponed and admissions halted; schools closed; students’ grades were lost; 911 services were interrupted; police were locked out of background check systems and unable to access details about criminal histories or active warrants; surveillance systems went offline; badge scanners and building access systems ceased to work; property transactions were halted; websites went offline; online payment portals were inaccessible; email and phone systems ceased to work; driver’s licenses could not be issued or renewed; and payments to vendors were delayed. https://www.emsisoft.com/en/blog/34822/the-state-of-ransomware-in-the-us-report-and-statistics-2019/
 
This legislation will discourage ransomware attacks by reducing financial incentives for extortion, by shortening the duration of disruption to our agencies’ services, and by expanding prohibited acts subject to criminal prosecution. 

I worked with then-Attorney General Josh Shapiro to make improvements based on recommendations from his office on how to practically implement pieces of this bill. 
 
Please join me in cosponsoring this important legislation.  

Previous cosponsors include Senators Stefano, Laughlin, and Vogel.