DLA Piper had planned a cyberbreach response before major malware attack in June
DLA Piper logo/Twitter.
DLA Piper had planned its response to a cyberbreach before its systems shut down in response to a major malware attack last June.
Don Jaycox, DLA Piper’s chief information officer for the Americas, tells the Wall Street Journal (sub. req.) that the attack began when a malware agent known as NotPetya was downloaded on a finance server in Ukraine.
“Our first instinct—because we had planned it out—was to shut everything down once we realized the attack had a fairly broad reach,” Jaycox said. “Everything was off the air, along with roughly two-thirds of our end points, laptops, desktops, etc.”
DLA Piper had already contracted with companies that would assist it in monitoring its network and responding to an attack. Two were tapped the first day of the breach, and a third was called in on the second day.
The law firm had registered all of its cellphones to a mass communication texting system, allowing for a blast communication. The firm also had a game plan for quickly recovering a targeted system, such as email, but it couldn’t quickly restore every system at once.
“People who do backups to the cloud, one of the things that you need to think about is what is the scenario for total recovery if you lose everything,” Jaycox said. “Because getting all the data back if you need to get all of it can be a little bit challenging.”
The top question from clients was whether their data was compromised, Jaycox said. At first, the law firm was able to say it found no indications of compromised information. After additional assessment, that statement can now be made “with a very high degree of certainty,” he said.
