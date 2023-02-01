IOWA (KWWL) -- Two proposed bills in the Iowa House would explicitly make ransomware attacks illegal in the state of Iowa, unless it's done for research or security purposes. Experts say that the proposed bills would make it easier for officials to pursue criminal charges.
Nationally, ransomware attacks are already a felony under the Computer Fraud and Abuse Act. Locally, they fall under cybercrime, but there was no specific mention of ransomware in Iowa laws.
These proposed bills would classify ransomware attacks at different levels of severity.
Less than $10,000 is an aggravated misdemeanor, punishable by up to two years in prison and a fine between $855 and $8,540.
Between $10,000 and $50,000 is a class D felony, up to five years and a fine between $1,024 and $10,245.
Any higher than $50,000 is a class C Felony, punishable up to ten years and a fine between $1,370 and $13,660.
Iowa is not the first state to do this, but according to University of Dubuque professor Dan Fleming, our version has a couple of important differences.
Fleming said, “Someone like me, who wants to research it, having that software in my possession would be a crime, potentially, in Wyoming. Other places its a question of whether its legal or not to make the payments.”
Fleming says the bills in Iowa's legislature focus on defining what constitutes a ransomware attack, allowing resources to be focused on the ones committing the acts.
He says that while these bills will help simplify things for law enforcement, it's not something that we'll see used often, because most ransomware attacks come from overseas.