What is the law on ransomware? Cyber Incident Reporting Act (S. 2875), introduced Oct. 6, 2021. The measure would require critical infrastructure operators to report cyber-attack within 72 hours and all businesses with more than 50 employees to report a ransomware payment within 24 hours.
What is the penalty for ransomware? The proposed legislation known as Senate Bill 1137 calls for specific penalties for anyone connected to the spread of ransomware—from prison time of as long as four years and a fine amounting to $10,000.
Is paying a ransom to stop a ransomware attack illegal? 1 There is no generally applicable law prohibiting individuals or organizations from paying ransoms for the return of individuals or goods.
Are ransomware attacks illegal? However, it turns out that paying the ransom from a ransomware attack could be illegal. That’s right, in a 2020 ruling the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN) declared it illegal to pay a ransom in some (most) cases.