ALBANY, N.Y. (NEWS10) — Today is Data Privacy Day, and legislators in two different senate committees are backing new measures to stop government entities from paying a ransom to hackers.
Rockland County Democrat David Carlucci proposed a bill that prohibits government entities from paying ransom for cyber-attacks on critical infrastructure. Long Island Republican Phil Boyle proposed the other, which also restricts using taxpayer money to pay ransoms to hackers, and creates a fund to upgrade local cybersecurity measures.
Hackers have targeted many New York localities and agencies in the state over the past several years, most recently in Colonie. Lawmakers say giving in to demands encourages future attacks that waste taxpayer dollars.
Ransomware encrypts the files on a computer or network, effectively locking up vital information and resources. To decrypt the files, victims must pay a ransom. Cyber insurance policies and a robust system of backups can prevent attacks.
In 2017, cyber-attackers held Erie County Medical Center’s network hostage for $44,000, which the hospital refused to pay. Their insurance policy covered the roughly $10 million necessary to strengthen their system against future attacks and restore it from backups.
Last April, the city of Albany spent $300,000 to rebuild its infrastructure rather than capitulate to cyber terrorists. In December, however, Albany International Airport paid “under six figures” in Bitcoin to ransomware attackers. Libraries and schools have also been targeted in Orange County, Jefferson County, and Onondaga County.
The bills are under review in their respective committees: Veterans, Homeland Security, and Military Affairs for Boyle’s bill and Local Government for Carlucci’s. Either bill, or neither, might advance to the Senate floor soon.