www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential

www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential

A RANSOMWARE TALESPOILER ALERT: THERE IS NO FAIRY TALE ENDING

T H E C Y B E R S E C U R I T Y P R E S E N T A T I O N A S S O C I A T I O N O F A M E R I C A H A S R A T E D T H I S P R E S E N T A T I O N R : A S I N R E Q U I R E D V I E W I N G F O R T H E C - S U I T E

J U S T I N S . D A N I E L S

B A K E R D O N E L S O N

S H A R E H O L D E R

6 7 8 . 4 0 6 . 8 7 0 6

j d a n i e l s @ b a k e r d o n e l s o n . c o m

J O D I D A N I E L S

R E D C L O V E R A D V I S O R S

P R I V A C Y C O N S U L T A N T

4 0 4 . 9 6 4 . 3 7 6 2

j o d i @ r e d c l o v e r a d v i s o r s . c o m

www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential

A PLEASANTLY SOUNDING UNPLEASANT NOTE

www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential

WHAT DO WE DO NOW?

Breach Notification Analysis and

Advice

Get Breach Team in Place

Employee and Customer

Communication

Forensic Investigation

Contact Threat Actor and

Ransomware Negotiation

www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential

BREACH TEAM

• Time is precious – yet most companies don’t know who to call when they are the star in the Ransomware Tale!

• All hail the forensics team…what is this privilege thing?

• What is a ransomware negotiator and why do I need it?

• What is the comms plan?

www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential

CUSTOMER AND EMPLOYEE COMMUNICATIONS

• As Crash Davis says: Learn your Phrases “network outage” “disruption to the network”

• Just the facts, NO SPECULATING as this story changes hourly!

• Always qualify what you say with the words “the investigation is ongoing.”

• Do you have a solid NDA in case you have to discuss the cyber event with specific customers?

www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential

FORENSIC ANALYSIS: SEPARATING THE SH FROM THE IT

• How did the TA get in?

• What systems were impacted?

• Any evidence of data exfiltration?

• Any concern of migration to customer’s systems?

• Any issues with the integrity of backups?

www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential

THE RANSOMWARE NEGOTIATION DANCE

• Do you have to negotiate and how do you do it?

• Request proof of decryption (Do not send PI/PHI files).

• Do not pay the ransomware without interacting with law enforcement: Booby prize could be prosecution for aiding terrorism!

• Do not assume the decryption key will work on all files.

www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential

A PAUSE FOR PRIVACY

• Do you collect PI or PHI?

• Do you store PI or PHI?

• Do you process PI or PHI for others?

• Do you know where it is on your network?

• Will PI or PHI appear in unexpected places?

www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential

BREACH NOTIFICATION RULES

GDPR: 72 HOURS AFTER THE BREACH

VS.

50 U.S. BREACH NOTIFICATION LAWS

(TIME PERIOD VARIES BY STATE)

www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential

BREACH COSTS TO DATE

BREACH COSTS

Forensic Firm $150,000

Legal Fees $80,000

Rebuild IT Infrastructure $110,000

Ransomware Payment $80,000

Loss of Customers ???

Reputational Harm ???

TOTAL $420,000

www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential

RANSOMWARE EPILOGUE

MFA ImplementationRisk

Assessment/Implementation Cyber Plan

What is your Liability under your customer and vendor

contracts?

Security Cost of Continued Use of Legacy Systems

Understand Your Insurance Coverage and Panel Firms

No Incident Plan is Planning to Fail

www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential

RANSOMWARE BY THE NUMBERS

• “Double-extortion” ransomware attacks – hackers stealing & encrypting on-site sensitive information, then threatening to release that data – increased by 200% IN 2020

• Hackers launched 1,200 ATTACKS using double-extortion against victims from 63 COUNTRIES IN 2020

• The total estimated cost of global ransomware attacks reached $20B IN 2020, up from $11.5b in 2019.

• The average U.S. ransomware payment increased 775% FROM 2019 TO 2020.

• 70% OF RANSOMWARE ATTACKS in Q4 2020 involved hackers threatening to release stolen data.

www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential

KEY TAKEAWAYS

It won’t happen to our organization is no excuse!

How many customers do you want to lose before security is a priority??

Ransomware is now a trillion-dollar industry for a reason!

Do you have a plan? Who are you going to call?? Hint: It’s not Ghostbusters!

www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential

Q&A DISCUSSIONPRESENTED BY:

Justin S. Daniels

Baker Donelson

Shareholder

678.406.8706

jdaniels@bakerdonelson.com

Jodi Daniels

Red Clover Advisors

Privacy Consultant

404.964.3762

jodi@redcloveradvisors.com

www.redcloveradvisors.com

CHECK OUT OUR PODCAST!

https://redcloveradvisors.com/podcasts/

www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential

C O N N E C T W I T H U S

WEBSITE

Baker Donelson is among the 80 largest law firms in the country, with more than 650 attorneys and public policy advisors representing more than 30 practice areas to serve a

wide range of legal needs. Clients receive knowledgeable guidance from experienced, multi-disciplined industry and client service teams, all seamlessly connected across 21 offices

in Alabama, Florida, Georgia, Louisiana, Maryland, Mississippi, South Carolina, Tennessee, Texas, Virginia and Washington, D.C.

TWITTERFACEBOOK LINKEDINwww.bakerdonelson.com @Baker_Donelson@BakerDonelson @Baker-Donelson