CHAPTER 61. CRIMES AND THEIR PUNISHMENT.

ARTICLE 3C. WEST VIRGINIA COMPUTER CRIME AND ABUSE ACT.

§61-3C-4. Computer fraud; access to Legislature computer; criminal penalties.

(a) Any person who, knowingly and willfully, directly or indirectly, accesses or causes to be accessed any computer, computer services, or computer network for the purpose of: (1) Executing any scheme or artifice to defraud; or (2) obtaining money, property, or services by means of fraudulent pretenses, representations, or promises is guilty of a felony and, upon conviction thereof, shall be fined not more than $10,000 or imprisoned in a state correctional facility for a determinate sentence of not more than 10 years, or both fined and imprisoned.

(b) Any person who, with intent to extort money or other consideration from another, introduces ransomware into any computer, computer system, or computer network is guilty of a felony and, upon conviction thereof, shall be fined not more than $100,000 or imprisoned in a state correctional facility for a determinate sentence of not more than 10 years, or both fined and imprisoned.

(c) A person is criminally responsible for placing or introducing ransomware into a computer, computer system, or computer network if the person directly places or introduces the ransomware or directs or induces another person to do so, with the intent of demanding payment or other consideration for removing, restoring access, or other remediation of the impact of the ransomware.

(d) (1) Any person who, knowingly and willfully, directly or indirectly, accesses, attempts to access, or causes to be accessed any data stored in a computer owned by the Legislature without authorization is guilty of a felony and, upon conviction thereof, shall be fined not more than $5,000 or imprisoned in a state correctional facility for a determinate sentence of not more than five years, or both fined and imprisoned.

(2) Notwithstanding the provisions of §61-3C-17 of this code to the contrary, in any criminal prosecution under this subsection against an employee or member of the Legislature, it shall not be a defense: (A) That the defendant had reasonable grounds to believe that he or she had authorization to access the data merely because of his or her employment or membership; or (B) that the defendant could not have reasonably known he or she did not have authorization to access the data: Provided, That the Joint Committee on Government and Finance shall promulgate rules for the respective houses of the Legislature regarding appropriate access of members and staff and others to the legislative computer system.

§61-3C-4. Computer fraud; access to Legislature computer; criminal penalties.