#Privacy: NY state wants to ban paying ransomware demands

Two New York state senators have submitted two bills that if passed would ban municipalities from paying ransomware demands.

The first bill (S7246), introduced by Republican NY Senator Phil Boyle on January 14, would make it illegal for government agencies to use taxpayer dollars to pay ransoms in response to ransomware attacks.

Whilst the second bill (S7289), introduced by Democrat NY Senator David Carlucci on January 16, states “no municipal corporation or other government entity shall pay ransom in the event of a cyber-attack against such municipal corporation or such government entity.”

The first bill also proposes the creation of a state fund, The Cyber Security Enhancement Fund, which will make grants and financial assistance available to villages, towns, and cities with a population of one million or less, “for the purpose of upgrading the cyber security of their local government,” reads the S7246 bill. 

The bills comes in response to the increasing amount of cyber attacks against government agencies, such as the ransomware attack against Lake City in Florida – to which the government agreed to pay the ransom. 

The bills also follows the US Conference of Mayors in July, who unanimously adopted a resolution to not pay ransomware demands. The FBI has also continuously maintained its stance that paying attackers’ demands will have no guarantee that victims will be able to recover their data. 

“A small investment in local government cybersecurity now, can help stop cybercriminals from profiting on the backs of New York State taxpayers and protect important state and local government services from disruption,” reads the bill. 

Against a background of increasing ransomware and phishing attacks, companies across the world are under pressure to optimise systems and processes in order to respond to the ever-present cyber threat. In one week, Data Protection World Forum will welcome, data protection, privacy and cyber security professionals to QEII Conference Centre to hear from industry professionals and subject matter experts address these key issues.

Register for PrivSec London today

Event details
Event: PrivSec London
Where: QEII Exhibition Centre, London
When: Tuesday 4th and Wednesday 5th February 2020


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.