North Carolina Becomes First State to Prohibit Public Entities from Paying Ransoms

Hunton Andrews Kurth writes:

On April 5, 2022, North Carolina became the first state in the U.S. to prohibit state agencies and local government entities from paying a ransom following a ransomware attack.

North Carolina’s new law, which was passed as part of the state’s 2021-2022 budget appropriations, prohibits government entities from paying a ransom to an attacker who has encrypted their IT systems and subsequently offers to decrypt that data in exchange for payment. The law prohibits government entities from even communicating with the attacker, instead directing them to report the ransomware attack to the North Carolina Department of Information Technology in accordance with G.S. 143B‑1379.

Resource: NY DFS Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers
Bombay High Court Orders Department of Telecommunications to Block Medusa Accounts After Generali Insurance Data Breach
Attorney General James Announces Settlement with Wojeski & Company Accounting Firm
John Bolton Indictment Provides Interesting Details About Hack of His AOL Account and Extortion Attempt
UK: 'Catastrophic' attack as Russians hack files on EIGHT MoD bases and post them on the dark web
The Alliance That Wasn’t: A Critical Analysis of ReliaQuest’s Q3 2025 Ransomware Report

Related: