Charges related to the release, implementation, and spread of ransomware are becoming more common. This trend mirrors the rise in incidents of ransomware around the United States and increased sophistication of these attacks. The potential punishment for perpetrating these attacks is similarly becoming more substantial, as the United States federal laws become better equipped to handle these crimes.

What Is a Ransomware Attack?

If you are charged with a cybercrime related to ransomware, it is probable that you understand the basis for the charges and the terminology. But technology is changing quickly, and it’s possible you are facing this serious offense without any understanding of the definition of ransomware.

Ransomware is a category of malicious software. There are many different codes and programs that act as ransomware, but they share a single feature – a sum of money can be paid to remove the malicious software or undo the damage to a computer or computer network. The term ransomware is derived from this payment of ransom.

How Does Ransomware Work?

Ransomware is essentially a computer virus. It can be spread through phishing scams, malicious websites, and other pieces of code. It is also possible to conceal the origin origin of ransomware attack, putting innocent parties at risk for federal charges, even if they didn’t intend to send ransomware.

While there are several ransomware viruses, the most common are downloads. A set of files is downloaded from an email or website, then the ransomware takes over the computer or computer network. From there, ransomware can encrypt files, access data, or create a copy of information on the system.

When Is Ransomware a Federal Offense?

In the United States, cybercrime is one of the fastest growing types of criminal offense, and incidents of ransomware are no exception. The Federal Bureau of Investigation (FBI) has tagged ransomware as a danger for hospitals, schools, businesses, individuals, and the government. The FBI relies on several federal laws to hold individuals that spread ransomware accountable.

Federal Laws Addressing Ransomware Attacks

The federal government has passed several laws to address cybercrime in the United States. There isn’t a law that specifically and directly addresses ransomware attacks. Rather, the broad cybercrime laws are used to bring charges across the country.

  • Electronic Communications Privacy Act (ECPA): As an amendment to the federal wiretapping act, the ECPA targets the interception and corruption of communications that are stored or sent electronically. If ransomware is used to intercept or access personal information stored in emails or other communication, the ECPA is an asset to prosecutors.
  • Computer Fraud and Abuse Act (CFAA): The majority of ransomware cases are investigated by the FBI and prosecuted under the Computer Fraud and Abuse Act. The CFAA is found at  Title 18 U.S.C Section 1030. This statute can be broadly used by prosecutors against any individual who transmits a program, information, code, or command to a computer system or computer network in order to cause damage to that system or network.

Of note, the Computer Fraud and Abuse Act requires evidence that there was intent to cause harm or damage, thus making it impossible to prosecute people that unknowingly or unintentionally spread ransomware.

The CFAA further makes it a crime to:

(1) access a computer used in national defense without authorization;

(2) access any computer or computer network without authorization but with the intent to view, disrupt, or distribute the records of a financial institution; and

(3) access a computer without authorization for the purpose of committing fraud. All of these situations can apply to the use and transmission of ransomware.

What to Do if Accused of Spreading Ransomware?

Defense and prosecution of cyber crimes require extensive technical knowledge and experience. Not every prosecutor is equipped to bring a successful cybercrimes case, and likewise not every defense attorney has experience defending these crimes.

If you are accused of spreading or transmitting ransomware, the first requirement of your defense is finding a lawyer that does have the appropriate knowledge and prior experience.

Other actions you should immediately take in your defense are:

  1. Documenting your online activity, including the use of networks, programs, communication, VPNs, and any other actions;
  2. Providing information to your lawyer regarding your technology capabilities and knowledge – it is essential for your lawyer to understand your ability to carry out the alleged crime and whether you should reveal this ability to law enforcement;
  3. Perform a check on your Internet connections, devices, and other computer networks to determine the presence of multiple users or individuals with access to these systems; and
  4. Only speak to law enforcement or turn over documentation if instructed to do so by your federal defense lawyer.

The best thing you can do if accused of a ransomware attack is document, store, and catalog information that is helpful in your defense, but reveal nothing to law enforcement or the prosecutor until required by a warrant. Cyber crimes, including ransomware, are often crimes of information and access to the right information, from the onset you want to limit what the prosecutor knows, while your defense lawyer expands his or her grasp of the situation.