Bill > SB563

This bill amends Pennsylvania's Crimes and Offenses law to create a new offense of ransomware. Key provisions include: 1. Prohibiting the knowing possession, use, sale, transfer, or development of ransomware, as well as threatening to use ransomware, without authorization. 2. Establishing penalties based on the aggregate amount of money or other consideration involved, ranging from a misdemeanor of the second degree to a felony of the first degree, with enhanced penalties for repeat offenses, physical injury, or targeting the judicial system. 3. Allowing for the forfeiture of computers, software, or data used in ransomware offenses. 4. Requiring managed service providers and Commonwealth agencies to promptly notify authorities of ransomware incidents. 5. Prohibiting the use of public funds to pay ransomware extortion attempts, except in limited circumstances, but allowing for the use of insurance coverage for related expenses. 6. Authorizing civil actions by victims to recover damages, punitive damages, and attorney's fees. 7. Imposing duties on the Office of Administration to study, develop guidelines, and provide reporting on ransomware threats and the Commonwealth's preparedness and response.

Justice

https://www.legis.state.pa.us/cfdocs/billinfo/bill_history.cfm?syear=2023&sind=0&body=S&type=B&bn=563