What's the problem here?
I'm not sure why the title of the article says "Make malware possession a crime!" sarcastically because in the article it spells out that the proposed legislation seems to want to punish "intent to use" the ransomware in a malicious way more so than "possession of malware".
For example, in some states if you're caught driving around suspiciously in a neighborhood late at night and the police search your trunk and find certain things, you can be charged with what is called "possession of burglary tools". While these normal tools, crowbar, big screwdriver for prying windows, etc. are nothing more than that, normal tools, the suspicion of the person's intent to use said tools for malicious purposes is the problem, not the tools.