Navigating Legal Strategies and Investigative Techniques in the Face of Ransomware Attacks

Ransomware uses malicious software to restrict an organization’s access to its data or information systems until payment is made. It is also one of the most common and costly forms of cyber-attacks that businesses face today. With the looming threat of confidential and proprietary information being stolen or revealed, making ransomware payments is often a serious consideration. Yet when advising on this contentious matter, counsel should be aware of the key factors that determine the legality of the payment, the role and use of digital forensics, and the preventative measures to advise clients on.
In this CLE webinar, our expert panelists begin by discussing what ransomware attacks are, how they occur, and the current threat environment in the United States. Next, our speakers break down the 2021 OFAC ransomware advisory, which parties it applies to, and the factors considered in determining potential violations. They also review the option for licensing policies and the penalties imposed by OFAC. Next, our experts give an overview of computer forensics, its capabilities, and its role after a ransomware attack. Finally, our speakers share the best practices to limit an organization’s ransomware risk, which counsel can both observe and advise clients to do.
Topics covered in this webinar:

Our Mission is to bridge the knowledge gap between law and technology professionals by educating attorneys on technology to attorneys and technology executives on its laws and regulations. Legal Cyber Academy provides a comprehensive tool and evolving knowledge base through exclusive insights from world class cybersecurity, privacy, web 3.0, forensic, and e-discovery legal and technical practitioners. Earn CLE, CPE, and CE credits. (Refunds are available if you do not receive credit) At Legal Cyber Academy We recognize that technology, the cybersecurity threats it faces, and relevant laws and regulation are rapidly evolving, presenting unique challenges and opportunities. Our platform is dedicated to empowering legal professionals with the skills and understanding necessary to navigate the complex landscape of technology in their field, enabling them to effectively advise clients, draft contracts, and navigate legal implications in a technology-driven world. Simultaneously, we strive to equip technology professionals with the legal knowledge they need to make informed decisions, ensure compliance with regulations, and limit liability. By fostering a deep understanding of legal frameworks, we hope to support technology professionals in creating innovative, compliant, and socially conscious technological advancements. Join us in our mission to reshape the way legal professionals and technology experts understand and interact with each other in a rapidly changing technical and legal landscape. Together, they will mitigate risk better, ensure compliance, and actively shape the future of technology and its accompanying laws.

LAW & FORENSICS LLC – FOUNDER; JAMS – NEUTRAL; HARVARD – ADJUNCT;
Danie Garrie, Esq., is the Co-Founder of Law & Forensics LLC, where he heads the Computer Forensics and digital discovery Cybersecurity teams. Daniel has been a dominant voice in the computer forensics and cybersecurity space for the past 20 years, as an attorney and technologist. He is an adjunct professor at Harvard for Computer Forensics, and prior to Law & Forensics, he successfully built and sold several technology start-up companies. Since co-founding Law & Forensics LLC in 2008, Daniel has built it into one of the leading boutique firms specializing in cybersecurity and forensic engineering. He is a mediator, arbitrator, and e-discovery special master for JAMS and is a partner and head of Cybersecurity practice at Zeichner, Ellman & Krause LLP. Daniel earned both a Bachelor’s and a Master’s degree in computer science from Brandeis University, as well as a J.D. from Rutgers Law School. Daniel has led cyber and forensic teams in some of the most visible and sensitive incidents in the United States. He and his team have worked globally for two of the top five banks and dozens of the largest private and public companies in the world. In addition, Daniel has been awarded several patents for advanced cybersecurity and forensic platforms he built with his team, including TableTop.AI, CustodyTrack.IO, and Forensic Scan. Daniel is also well-published in the cybersecurity space and has authored more than 200 articles and books. His work is cited by Black’s Law Dictionary 10th Ed. defining the terms 'software', 'internet', and 'algorithm'. Lastly, he has been recognized by several United States Supreme Court Justices for his legal scholarship and is a trusted source and thought leader for cybersecurity articles and opinions, cited over 500 times to date.

Chair of North America Trade Secret Practice at Baker McKenzie
Bradford Newman is a litigation partner resident in Baker McKenzie's Palo Alto Office and Chair of the North America Trade Secrets Practice. According to Chambers USA, Brad is a "recognized authority on trade secrets cases" who "is valued for his tenacious, intelligent and thoughtful approach to trade secrets matters." Bradford regularly serves as lead trial counsel in cases with potential eight and nine-figure liability, and has successfully litigated (both prosecuting and defending) a broad spectrum of trade secrets cases in state and federal courts throughout the country. He routinely advises and represents the world's leading technology, banking, professional service, manufacturing and commerce companies in connection with their most significant data protection and trade secret matters. Bradford is the author of Protecting Intellectual Property in the Age of Employee Mobility: Forms and Analysis, a comprehensive treatise published by ALM that offers authoritative guidance on legal risks and practical steps companies can take to protect their IP and remedy IP theft.

Partner – Orrick, Herrington & Sutcliffe
Seasoned trial lawyer Doug Meal defends clients targeted by litigation and government investigations stemming from major privacy and cybersecurity incidents. According to Chambers USA, clients select Doug because "[h]e is the premier expert in this field and knows how to run a breach response process from A to Z”; is “extremely experienced [and] can give immediate advice off the top of his head"; "has been in court through trials and negotiations, all aspects of the litigation, and is highly effective in all of them"; and "is good to work with, personable and very authoritative." This year, clients said, "I would trust him with my life if I ran into a litigation"; "Doug is extremely calm and has a way of presenting and explaining problems which makes you feel empowered to do your job"; and "He has great experience in this field and is a solid rock in litigation." Based on client assessments like these, Chambers USA has named Doug as the first and only “Band 1” litigator in the Privacy and Data Security category, describing him as the 'market leader,' being 'regarded by market sources as the leading privacy litigator in the USA' and 'the dean of the data breach litigation Bar.' As the lead outside lawyer handling claims and/or regulatory investigations stemming from the data security breaches suffered by Target, Neiman Marcus, The Home Depot, Hilton Worldwide, Landry’s, Arby’s, Shopify, Chegg, Supervalu, Sally Beauty, Sony, Heartland Payment Systems, TJ Maxx, Hannaford Brothers, Aldo, Genesco, and Wyndham Hotels—some of the most highly publicized breaches in recent years—Doug has become the national leader in defending companies that suffer breaches involving consumer information against the ensuing claims and regulatory investigations. Doug’s recent successes include leading the team that prevailed in the closely watched LabMD v. FTC litigation, convincing the U.S. Court of Appeals for the Eleventh Circuit to become the first court ever to overturn a cybersecurity enforcement action by the FTC. Doug has been recognized four times as one of The Cybersecurity Docket’s Incident Response 40—a list of the top 40 incident response lawyers in the United States. He is also a five-time Law360 Privacy MVP.

Director – Berkeley Research Group LLC
Ignatius Grande has advised clients on issues relating to electronic discovery, information management, and data privacy for more than fifteen years. With his legal and technical expertise, he bridges the gap that may exist between IT and legal/compliance personnel. He has worked with both law firms and companies to guide them through eDiscovery and the forensic investigation processes. He has overseen collection and production of data for several Hart–Scott–Rodino (HSR) second requests. Mr. Grande has served as a formal eDiscovery liaison for clients and has represented parties in eDiscovery disputes before regulators. He often works with companies to address complex information management issues, including the onboarding of new software and technologies, and the privacy and security implications of Internet of Things devices and sensors. Mr. Grande has performed compliance risk assessments for corporations that addressed records retention and data remediation compliance issues. He works with companies to effectively implement information management practices and can assist in implementing or revising policies relating to information security, data privacy, records retention, vital records, social media, Bring Your Own Device, legal holds, and mobile device governance. Mr. Grande serves as co-chair of the Social Media & New Communications Technologies committee of the New York State Bar Association’s Litigation Section and as vice president of the Association of Certified E-Discovery Specialists (ACEDS) New York Metro chapter. He has taught an eDiscovery course at St. John’s University School of Law for six years. He previously worked for two major law firms and served as in-house counsel for a global commodities company.

Director, Incident Response Services – CrowdStrike
Yinan Yang is a Director with CrowdStrike’s Incident Response practice where he currently leads teams responsible for the delivery of incident response and breach investigation services across North America. Together, they have investigated hundreds of cases that ranged from Nation State intrusions to e-Crime and ransomware attacks. He has over a decade of cybersecurity experience across all major commercial verticals and Department of Defense (DoD) specializing in areas of digital forensics and incident response, threat hunting, security operations and cyber threat intelligence integration. In addition to his operational and supervisory duties, Yinan also leads methodology development and executive engagement efforts for the practice