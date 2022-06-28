SEBRING — When Highlands County Sheriff Paul Blackman said at the beginning of June that he had no intention of paying a ransomware demand, he wasn’t the only one.
Effective July 1, no state or local government agency or entity in Florida will be allowed to pay a cyberattack ransom, according to House Bill 7055, just signed into law.
The bill also requires state agencies and local governments to report cybersecurity and ransomware incidents and provide after-action reports on those incidents. The law also provides for criminal penalties and fines, including making such an offense a first degree felony.
The fine for conviction is equal to and/or up to twice the ransom demand.
The ransom demand just before Memorial Day of the Highlands County Sheriff’s Office, when hackers encrypted approximately half of the agency’s servers, was $2.5 million. That would make the fine for any suspects, if caught and convicted, up to $5 million.
The bill will also set cybersecurity standards for local and state governments and will provide a basic cybersecurity training curriculum for local government employees. All local government employees with access to the local government’s network would have to complete basic cybersecurity training within 30 days of being hired, and continue to do so each year after that.
This would especially be true of any local government technology professionals and employees with access to highly sensitive information, the bill states.
Meanwhile, the Highlands County Sheriff’s Office is still working to get servers back online, according to officials there, with a priority on getting the 911 Consolidated Dispatch operating normally.
“We’re still stuck in the mud, trying to dig ourselves out,” said Sheriff’s Office Spokesperson Scott Dressel.
When asked if the pending law was one reason Blackman refused to consider the ransom payment, officials said the sheriff also didn’t want to entertain or encourage such cyberterrorism, which would not guarantee the servers would get unlocked or that the hackers would ask for more money.
“We’re not going to give in to criminals,” Dressel said.
As for the arrival of a formal law, Sheriff’s Office officials said “it would have been nice to have last year,” because it would have discouraged hackers from wanting to try extorting money from local governments.