Honorable John Whitmire, Chair, Senate Committee on Criminal Justice
Ursula Parks, Director, Legislative Budget Board
SB1477 by West (Relating to ransomware; creating a criminal offense.), As Introduced
The provisions of the bill addressing felony sanctions are the subject of this analysis. The bill would amend the Penal Code as it relates to the creation of the offense of ransomware attack and extortion. Under the provisions of the bill, certain computer attacks in which an individual introduces ransomware with the intent to extort payment would be a criminal offense. The bill would also make restricting a ransomware victim's access to privileged information a criminal offense. The punishment for certain types of ransomware attacks would range from a misdemeanor to a felony with the punishment level increasing in severity based on the value of the payment or other consideration demanded and other offense-related circumstances.
A first degree felony is punishable by confinement in prison for life or a term from 5 to 99 years; a second degree felony is punishable by confinement in prison for a term from 2 to 20 years; a third degree felony is punishable by confinement in prison for a term from 2 to 10 years; and a state jail felony is punishable by confinement in a state jail for a term from 180 days to 2 years or Class A misdemeanor punishment. In addition to confinement, most felony offenses are subject to an optional fine not to exceed $10,000.
Expanding the list of behaviors for which a criminal penalty is applied is expected to result in greater demands on the correctional resources of the counties or of the State due to a potential increase in the number of individuals placed under supervision in the community or sentenced to a term of confinement within state correctional institutions. This analysis assumes the provisions of the bill addressing felony sanctions would not result in a significant impact on the demand for state correctional resources.