The TTC has hired one of the nation’s leading legal experts on cybersecurity incidents to help coordinate its response to the ransomware attack it suffered two weeks ago, Star learned.
Sunny Handa is a Montreal-based partner of Blake, Cassels & Graydon LLP and is considered one of Canada’s foremost “rape advisers,” a term for attorneys who guide organizations through ransomware negotiations and incidents. related security. He has served over 100 clients whose networks have been compromised and advised taking a business approach to dealing with criminal cyber gangs.
TTC spokesman Stuart Green did not confirm or deny that the agency had hired Handa’s services or reveal how much it is paying him. Handa also declined a request for comment. But a source with knowledge of the TTC’s handling of the case confirmed that Handa had been recruited.
Since October 28, the transit agency has been dealing with the effects of a reported ransomware attack, a type of cybercrime that typically involves hackers entering an organization’s computer network and encrypting key systems, and then they demand a ransom payment to restore access to them.
The TTC said the attack resulted in the shutdown of several important internal and customer-facing systems, including the traffic control uses of the communication network to talk to operators, the arrival information of the next vehicle, the system of Wheel-Trans online booking and agency email network.
The TTC has been able to bring some of the affected systems back online, but the issues have not been fully resolved. On Monday, the agency revealed that the personal information of up to 25,000 current and former employees may have been compromised in the security breach.
Without confirming who the agency had hired, Jaye Robinson, Councilman for District 15 – Don Valley West and president of the TTC, acknowledged that the hack was so serious that the agency needed to bring in outside help.
“The skill set and level of experience required goes beyond managing the TTC,” he said in an interview. The experts the agency has hired are leaders in their field who “help us investigate the incident and help us restore our systems, along with the TTC staff.”
Although Handa did not respond to questions Wednesday about the TTC case, he has previously spoken about his recommended strategy for negotiating with hackers and explained how hiring an attorney like him can prevent organizations from being successfully sued after suffering a breach. cyber security.
In an interview with Star’s This Matters podcast in July, he said that it is often best to take a professional and business stance when dealing with criminals who have infiltrated an organization’s systems, even if the leaders of the victimized entity can have difficulties.
“Leverage is generally on the hackers’ side,” so “there’s no value in getting dramatic,” Handa said.
“It’s about having a conversation. We have a business goal to reach. How do we get to that business goal? “
According to a report released by the Handa firm earlier this year, more than half of ransomware victims end up paying the ransom. About 60 percent of the payments, which are made using cryptocurrencies, were more than $ 100,000 (US). The TTC has not released any information on any ransom demand from last month’s attack.
Handa also told This Matters that while it might seem more obvious for an organization to hire an IT professional to lead its response to a cyber attack, bringing in a breach attorney, also known as a breach coach, offers a layer of protection. legal against subsequent attacks. trials.
“When you are in a default situation, this could lead to litigation, you could be sued for all sorts of different issues. Maybe because of not using enough protection, because of losing control of people’s data, ”Handa explained.
An attorney hired by a compromised organization may hire IT experts, who report to the attorney any information about the breach and what the organization might have done to prevent it. That information is then protected by attorney-client privilege. Handa explained that the goal is that if someone later sues the organization affected by the infringement, the complainant “may not necessarily have access to that report or what is there.”
The TTC would not respond to Star’s questions about whether any investigation into the ransomware attack involving Handa would be privileged, or whether it would commit to making such an investigation public.
Reference-www.thestar.com