Updated

Michigan is stepping up its push to go after criminals who traffic in ransomware.

Michigan governor Rick Snyder has signed legislation that criminalizes the possession of ransomware, malicious software that locks you out of your data and demands money to get access to that data back.

The law makes the possession of ransomware a felony, punishable by up to three years in prison, according to a statement on the governor’s website. A person must “knowingly” possess ransomware “with the intent to introduce it into a computer or computer network without authorization,” according to the statement.

As cybercrime becomes increasingly sophisticated, Michigan is cracking down. "It's integral our law enforcement agencies have the tools to identify, prevent and penalize it,” Governor Snyder said in a statement.

These laws should make it easier to go after criminals who are connected to ransomware but don’t themselves execute ransomware attacks.

“This, in theory, should make it easier for state authorities to go after suspected ransomware developers, affiliates, and others involved in Ransomware-as-a-Service operations,” according to Bleeping Computer, a website that reports on malware outbreaks.

Ransomware-as-a-service, or RaaS, is software that enables criminals, even those with little technical knowhow, to launch a ransomware attack.

RansomwarePetya

The law makes the possession of ransomware a felony, punishable by up to three years in prison, according to a statement on the governor’s website.

Ransomware infections steadily increased year-over-year after  2013 and reached a record high of 1,271 detections per day in 2016, according to Symantec’s Internet Security Threat Report released in March of this year.

While Ransomware detections didn’t top that record in 2017, they remained at “elevated levels,” according to the report from the cybersecurity software firm.

The average ransom demand in 2017 was $522, the report said.