There is a growing concern about ransomware cyberattacks and their severe impact on organizations and individuals. This type of malware encrypts a victim’s files or data, enabling the cyber attacker responsible to demand a ransom (hence the name) in exchange for the decryption key.
If Arkansas police catch someone suspected of launching ransomware, that person potentially faces multiple criminal charges. This blog will briefly touch on the laws the malware violates and the penalties for conviction.
Ransomware as computer fraud
According to state law, a person commits computer fraud if they intentionally access any computer or network to either:
- Devise or execute any scheme to defraud or extort
- Obtain money, property, or a service with a false or fraudulent intent, representation or promise
Ransomware attacks typically lean toward the former because they aim to extort affected users until they can pay up.
Computer fraud is a Class D felony; a conviction carries up to six years of prison and $10,000 in fines.
Ransomware as computer trespass
Arkansas law also recognizes ransomware attacks as a form of computer trespass. Computer trespass is defined as the intentional access, alteration, deletion, damage, disruption or destruction of any computer system, program or data. The encryption caused by ransomware effectively bars users from accessing their altered data. If the ransom isn’t paid, the unresolved encryption might as well be a deletion of all the affected files.
Depending on the extent of the damage caused by ransomware and the number of prior violations, the offense’s grade and penalties can increase:
- First violation, computer trespass caused no loss or damage: This is a Class C misdemeanor which carries up to 30 days in jail and $500 in fines on conviction.
- Second or subsequent violation, no loss of damage OR violation caused loss or damage less than $500: This is a Class B misdemeanor which carries up to 90 days in jail and $1,000 in fines on conviction.
- Violation that causes loss or damage of $500 or more, less than $2,500: This is a Class A misdemeanor that carries up to a year in jail and $2,500 in fines on conviction.
- Violation that causes loss or damage of $2,500 or more: This is a Class D felony that carries up to six years in jail and $10,000 in fines on conviction.
Arkansas treats ransomware crimes very seriously, and anyone convicted of launching these malware attacks can expect to face at least two criminal charges. If you are in a similar position, consider consulting a legal professional. A lawyer may be able to help you understand your defense options in court, especially when faced with multiple charges.