As of January 1, the delivery of ransomware is illegal in California thanks to Senate Bill 1137 going into effect. State prosecutors had previously brought such cases under existing extortion statutes.
The new law was signed in September 2016, but it did not take effect until earlier this week in America's most populous state. The maximum penalty for ransomware usage will be four years in state prison. Wyoming became the first state to pass a similar statute in 2014.
“This legislation provides prosecutors the clarity they need to charge and convict perpetrators of ransomware,” Sen. Bob Hertzberg (D-Van Nuys) said in a statement in September 2016. “Unfortunately, we’ve seen a dramatic increase in the use of ransomware. This bill treats this crime, which is essentially an electronic stickup, with the seriousness it deserves.”