523.
(a) Every person who, with intent to extort property or other consideration from another, sends or delivers to any person any letter or other writing, whether subscribed or not, expressing or implying, or adapted to imply, any threat such as is specified in Section 519 is punishable in the same manner as if such property or other consideration were actually obtained by means of such threat.(b) (1) Every person who, with intent to extort property or other consideration from another, introduces ransomware into any computer, computer system, or computer network is punishable pursuant to Section 520 in the same manner as if such property or other consideration were actually obtained by means of the ransomware.
(2) Prosecution pursuant to this subdivision does not prohibit or limit prosecution under any other law.
(c) (1) “Ransomware” means a computer contaminant, as defined in Section 502, or lock placed or introduced without authorization into a computer, computer system, or computer network that restricts access by an authorized person to the computer, computer system, computer network, or any data therein under circumstances in which the person responsible for the placement or introduction of the ransomware demands payment of money or other consideration to remove the computer contaminant, restore access to the computer, computer system, computer network, or data, or otherwise remediate the impact of the computer contaminant or lock.
(2) A person is responsible for placing or introducing ransomware into a computer, computer system, or computer network if the person directly places or introduces the ransomware or directs or induces another person to do so, with the intent
of demanding payment or other consideration to remove the ransomware, restore access, or otherwise remediate the impact of the ransomware.