| 1 | 1 | | 1 of 1 |
|---|
| 2 | 2 | | SENATE DOCKET, NO. 2020 FILED ON: 1/17/2025 |
|---|
| 3 | 3 | | SENATE . . . . . . . . . . . . . . No. 42 |
|---|
| 4 | 4 | | The Commonwealth of Massachusetts |
|---|
| 5 | 5 | | _________________ |
|---|
| 6 | 6 | | PRESENTED BY: |
|---|
| 7 | 7 | | Paul W. Mark |
|---|
| 8 | 8 | | _________________ |
|---|
| 9 | 9 | | To the Honorable Senate and House of Representatives of the Commonwealth of Massachusetts in General |
|---|
| 10 | 10 | | Court assembled: |
|---|
| 11 | 11 | | The undersigned legislators and/or citizens respectfully petition for the adoption of the accompanying bill: |
|---|
| 12 | 12 | | An Act protecting against cyber ransom. |
|---|
| 13 | 13 | | _______________ |
|---|
| 14 | 14 | | PETITION OF: |
|---|
| 15 | 15 | | NAME:DISTRICT/ADDRESS :Paul W. MarkBerkshire, Hampden, Franklin and |
|---|
| 16 | 16 | | Hampshire 1 of 1 |
|---|
| 17 | 17 | | SENATE DOCKET, NO. 2020 FILED ON: 1/17/2025 |
|---|
| 18 | 18 | | SENATE . . . . . . . . . . . . . . No. 42 |
|---|
| 19 | 19 | | By Mr. Mark, a petition (accompanied by bill, Senate, No. 42) of Paul W. Mark for legislation to |
|---|
| 20 | 20 | | protect against cyber ransom. Advanced Information Technology, the Internet and |
|---|
| 21 | 21 | | Cybersecurity. |
|---|
| 22 | 22 | | [SIMILAR MATTER FILED IN PREVIOUS SESSION |
|---|
| 23 | 23 | | SEE SENATE, NO. 35 OF 2023-2024.] |
|---|
| 24 | 24 | | The Commonwealth of Massachusetts |
|---|
| 25 | 25 | | _______________ |
|---|
| 26 | 26 | | In the One Hundred and Ninety-Fourth General Court |
|---|
| 27 | 27 | | (2025-2026) |
|---|
| 28 | 28 | | _______________ |
|---|
| 29 | 29 | | An Act protecting against cyber ransom. |
|---|
| 30 | 30 | | Be it enacted by the Senate and House of Representatives in General Court assembled, and by the authority |
|---|
| 31 | 31 | | of the same, as follows: |
|---|
| 32 | 32 | | 1 Chapter 7D of the General Laws as appearing in the 2022 Official Edition is hereby |
|---|
| 33 | 33 | | 2amended in Section 7 by adding the following subsections:- |
|---|
| 34 | 34 | | 3 (e) No State agency, local government entity, or municipality shall submit payment or |
|---|
| 35 | 35 | | 4otherwise communicate with an entity that has engaged in a cybersecurity incident on an |
|---|
| 36 | 36 | | 5information technology system by encrypting data and then subsequently offering to decrypt that |
|---|
| 37 | 37 | | 6data in exchange for a ransom payment. |
|---|
| 38 | 38 | | 7 (f) Any State agency or local government entity experiencing a ransom request in |
|---|
| 39 | 39 | | 8connection with a cybersecurity incident shall report to and consult with the CIO. |
|---|