[BreachExchange] Arizona lawmaker proposes ban on taxpayer-funded ransomware payouts

Wed Jan 12 15:38:02 EST 2022

https://www.washingtonexaminer.com/politics/arizona-lawmaker-proposes-ban-on-taxpayer-funded-ransomware-payouts

Any public entity in Arizona that’s held ransom for its digital assets
could not pay the ransom to get those assets back, under a new proposal.

State Rep. Shawnna LM Bolick, R-Phoenix, filed two bills Tuesday that would
ban state or local entities from paying off a ransomware attack.

A ransomware attack is typically described as a situation where an entity’s
sensitive or valuable data is encrypted or taken from it by another entity
asking to be paid in exchange for its safe return. The Federal Bureau of
Investigation advises against paying for information that’s held captive in
this manner, as it not only enables more ransomware attacks but often
doesn’t result in the entity giving the information back.

The FBI says ransomware can be downloaded in a number of ways, including by
opening an email attachment, clicking an ad or a link, or visiting a
corrupted website containing malware.

House Bill 2145 bans any such payment by the state or any political
subdivision to reacquire data held ransom. House Bill 2146 requires any
unit of government subject to a ransomware attack to report the situation
to the state Department of Homeland Security.

“As more data security breaches and ransomware attacks are on the rise, we
must ensure the bad actors are not receiving compensation for these
breaches,” said Bolick. “I have sponsored two bills to prohibit ransomware
payment and to notify the Director of the Arizona Department of Homeland
Security of data security breaches, so there can be a coordinated effort to
push back against this malfeasance.”

An October 2020 report from the Financial Crimes Enforcement Network found
exchanges and other financial institutions reported $590 million in
ransomware payments in the first half of 2021. The report said that exceeds
2020’s total of $416 million.

"Further, paying a ransom incentivizes and emboldens cyber criminals to
target more organizations," Bolick said. "Worse, ransom payments may be
used to fund other illicit activity. With the additional policies and
reporting requirements in place, Arizona can be recognized as a top leader
in this country when it comes to responding and shutting down this criminal
activity.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220112/241f3983/attachment.html>