University and their branch campuses.
§ 7673. Prohibited actions.
(a) General rule.--Except as provided in subsection (b), a
person may not, with the intent to extort money or other
consideration from another person or a Commonwealth agency for
the purpose of removing a computer contaminant or lock,
restoring access to a computer, computer system, computer
network or data or otherwise remediating the impact of a
computer contaminant or lock:
(1) Knowingly possess ransomware .
(2) Use ransomware without the authorization of the
owner of the computer, computer system or computer network.
(3) Sell, transfer or develop ransomware.
(4) Threaten to use ransomware against another person or
a Commonwealth agency if the threat is:
(i) made in an express or implied manner; and
(ii) transmitted in person, by mail or through
facsimile, e-mail, the Internet, a telecommunication
device or other electronic means.
(5) Induce another person to commit an act described in
paragraph (1), (2), (3) or (4).
(b) Exception.--Subsection (a) does not apply to the use of
ransomware for research purposes by an authorized agent of the
Commonwealth or the Federal Government.
§ 7674. Grading of offense.
(a) General rule.--Except as provided in subsection (b), if
a person is convicted of, found guilty of or pleads guilty or
nolo contendere in a court of record to an offense specified in
section 7673 (relating to prohibited actions), the person shall
be subject to the following:
20210SB0726PN0829 - 5 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30