Possessing ransomware now illegal in Michigan

Michigan is stepping up its push to go after criminals who traffic in ransomware.

Michigan governor Rick Snyder has signed legislation that criminalizes the possession of ransomware, malicious software that locks you out of your data and demands money to get access to that data back.

The law makes the possession of ransomware a felony, punishable by up to three years in prison, according to a statement on the governor’s website. A person must “knowingly” possess ransomware “with the intent to introduce it into a computer or computer network without authorization,” according to the statement. 

As cybercrime becomes increasingly sophisticated, Michigan is cracking down. "It's integral our law enforcement agencies have the tools to identify, prevent and penalize it,” Governor Snyder said in a statement.

These laws should make it easier to go after criminals who are connected to ransomware but don’t themselves execute ransomware attacks. 

“This, in theory, should make it easier for state authorities to go after suspected ransomware developers, affiliates, and others involved in Ransomware-as-a-Service operations,” according to Bleeping Computer, a website that reports on malware outbreaks.

Ransomware-as-a-service, or RaaS, is software that enables criminals, even those with little technical knowhow, to launch a ransomware attack.

A computer screen cyberattack warning notice reportedly holding computer files to ransom, as part of a massive international cyberattack, at an office in Kiev, Ukraine, Tuesday June 27, 2017,   A new and highly virulent outbreak of malicious data-scrambling software appears to be causing mass disruption across Europe, hitting Ukraine especially hard.  Image used with permission of the account holder facebook.com/olejmaa checked and consistent with independent AP reporting.  (Oleg Reshetnyak via AP)

The law makes the possession of ransomware a felony, punishable by up to three years in prison, according to a statement on the governor’s website.

Ransomware infections steadily increased year-over-year after  2013 and reached a record high of 1,271 detections per day in 2016, according to Symantec’s Internet Security Threat Report released in March of this year. 

While Ransomware detections didn’t top that record in 2017, they remained at “elevated levels,” according to the report from the cybersecurity software firm.

The average ransom demand in 2017 was $522, the report said.