Two bills have been introduced into the New York State Senate that if passed would ban municipalities from paying money demanded by ransomware attackers.
The first bill would make it specifically illegal for local governments to use taxpayer dollars to pay a ransom, while the latter piece of legislation bans the practice entirely.
“No municipal corporation or other government entity shall pay ransom in the event of a cyber-attack against such municipal corporation or such government entity,” states S7289, while S7246 says, “Notwithstanding any other provision of law, after January first, two thousand twenty-two, local and state taxpayer moneys shall not be used to pay ransoms in response to ransomware attacks.”
S7246 would also establish the Cyber-Security Enhancement Fund, which will contain $5 million and be used to increase training and upgrading cybersecurity for municipalities with a population of less than one million.
The bills are similar to a resolution passed in July 2019 by the United States Conference of Mayors that stated the group stands against paying ransoms in the event of an IT security breach as such an act merely encourages further attacks.