Further Reading Ransomware locks up San Francisco public transportation ticket machines Los Angeles Times, citing a prosecutor in Los Angeles County.

The new law was signed in September 2016, but it did not take effect until earlier this week in America's most populous state. The maximum penalty for ransomware usage will be four years in state prison. Wyoming became the first state to pass a similar statute in 2014.

“This legislation provides prosecutors the clarity they need to charge and convict perpetrators of ransomware,” Sen. Bob Hertzberg (D-Van Nuys) said in a statement in September 2016. “Unfortunately, we’ve seen a dramatic increase in the use of ransomware. This bill treats this crime, which is essentially an electronic stickup, with the seriousness it deserves.”

Further Reading Hospital pays $17k for ransomware crypto key

Last year, San Francisco's Municipal Transportation Agency was notably hit with ransomware—the attacker demanded about $73,000 in bitcoins. That attack failed when the MTA’s IT staff could restore from a previous backup. Conversely, in February 2016, Hollywood Presbyterian Medical Center, the Los Angeles hospital held hostage by crypto-ransomware, decided to pay a ransom of 40 bitcoins—the equivalent of $17,000 at the time.

UPDATE Wednesday 9:02am ET: To be clear: this law requires locating a suspect first before being charged with this crime. Implementation of the law obviously doesn't guarantee that ransomware schemes will be stopped cold.