Category Archives: Regulation

Ransomware to land cyber-crooks decades in Maryland prisons if new bill passes

Ransomware attacks have been increasing steadily for a few years, and operators gain confidence with every new strike. While cyber-experts burn the midnight oil coming up with solutions to thwart this dangerous form of malware, lawmakers in the U.S. state of Maryland are trying a shortcut – they aim to increase prison time for ransomware operators.

Experts have long insisted that caving in to ransomware operators’ demands not only encourages them to strike again, but it also doesn’t ensure you get your data back. Using a security solution to prevent attacks undoubtedly helps, but the best defences against ransomware remain vigilance and offline backups.

Because of the way ransomware works, though, operators often remain at large. That’s why legislators in Maryland have decided to give future cyber-crooks a scare, by increasing slammer time to 10 years for any ransomware attack resulting in losses greater than $1,000.

Via DelmarvaNow:

Maryland Senate bill 151, cross-filed with House bill 211, would define ransomware attacks that result in a loss greater than $1,000 as a felony, subject to a fine of up to $100,000 and a maximum sentence of 10 years in prison.

Under current Maryland laws, a ransomware attack that extorts a loss less than $10,000 is considered a misdemeanor, while a breach that results in a loss greater than $10,000 is a felony.

The new bill would punish any ransomware attack on any entity, regardless of the operators’ scope or intentions. But according to bill sponsor Sen. Susan Lee, the proposal mainly aims to stop attacks on hospitals – Maryland has seen a number of healthcare institutions hit heavily by ransomware in recent years.

“No industry is safe from ransomware, most importantly our hospitals,” Senator Lee said.

“Ransomware attacks on hospitals are a continuing problem across the country and often create major problems for the facilities, including loss of lives, misdiagnoses and other technological disadvantages for doctors and patients,” Lee told reporters.

The news is certainly encouraging. If the bill passes and succeeds in reducing ransomware attacks in the state of Maryland, legislators from other states will have a precedent when deciding their next course of action against cyber-crime.

Is 2019 the year national privacy law is established in the US?

Data breaches and privacy violations are now commonplace. Unfortunately, the consequences for US companies involved can be complicated. A company’s obligation to a person affected by a data breach depends in part on the laws of the state where the person resides. A person may be entitled to free credit monitoring for a specified period of time or may have the right to be notified of the breach sooner than somebody living in another state.

The post Is 2019 the year national privacy law is established in the US? appeared first on Help Net Security.

SEC Releases ICO Guidelines; Too Little, Too Late for Cryptocurrency Investors?

The U.S. Securities and Exchange Commission has released a guide for would-be cryptocurrency creators and investors; but over a year on from the heady peak of the ICO craze, is it too little, too late?

SEC Offers ICO Guide

The SEC’s newly released guide to initial coin offerings features five main points, many of […]

The post SEC Releases ICO Guidelines; Too Little, Too Late for Cryptocurrency Investors? appeared first on Hacked: Hacking Finance.

Four differences between the GDPR and the CCPA

By passing the California Consumer Privacy Act (CCPA), which goes into effect on January 1, 2020, the Golden State is taking a major step in the protection of consumer data. The new law gives consumers insight into and control of their personal information collected online. This follows a growing number of privacy concerns around corporate access to and sales of personal information with leading tech companies like Facebook and Google. The bill was signed by …

The post Four differences between the GDPR and the CCPA appeared first on Help Net Security.

Industry reactions to Google’s €50 million GDPR violation fine

On 21 January 2019, the French National Data Protection Commission (CNIL) imposed a financial penalty of €50 million against Google, in accordance with the GDPR. This is the first time that the CNIL applies the new sanction limits provided by the GDPR. The amount decided and the publicity of the fine are justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent. Here are some reactions …

The post Industry reactions to Google’s €50 million GDPR violation fine appeared first on Help Net Security.

Security is Not, and Should not be Treated as, a Special Flower

My normal Wednesday lunch yesterday was rudely interrupted by my adequate friend and reasonable security advocate Javvad calling me to ask my opinion on something. This in itself was surprising enough, but the fact that I immediately gave a strong and impassioned response told me this might be something I needed to explore further… The UK …