(1) A person shall not knowingly possess ransomware with the intent to use or employ that ransomware for the purpose of introduction into the computer, computer data, computer system, or computer network of another person, without authorization of the other person. A person who violates this section is guilty of a felony punishable by imprisonment for not more than 3 years.

    (2) As used in this section, "ransomware" means a computer or data contaminant, encryption, or lock that is placed or introduced without authorization into a computer, computer system, or computer network and that restricts access by an authorized person to a computer, computer data, computer system, or computer network in a manner that results in the person responsible for the placement or introduction of the ransomware demanding payment of money or other consideration to remove the computer contaminant, or restore access to the computer, computer system, computer network, or data. Ransomware does not include authentication required to upgrade or access purchased content.