CA SB1137

Defines "ransomware" as a computer contaminant or lock placed without authorization that restricts access to a computer, system, or network, where the responsible person demands payment to remove it or restore access.

Makes a person responsible for ransomware if they directly place or introduce it, or direct or induce another person to do so, with intent to demand payment for removal or remediation.

Establishes that introducing ransomware into any computer, computer system, or computer network with intent to extort money or other consideration is punishable under Penal Code Section 520, as if the money or consideration were actually obtained.

Allows prosecution under this provision without prohibiting or limiting prosecution under any other law.

Exempts the state from reimbursing local agencies and school districts for costs related to this new crime, consistent with Government Code Section 17556.