Ransomware Remediation (and How to Keep Ransomware Attackers from Reading Emails and Joining Zoom Calls)

As a partner in the Data, Privacy and Security practice group at King & Spalding LLP, Robert Hudock counsels clients on preparing for, responding to, and recovering from cyber-based attacks on their networks and information. He assesses clients’ security controls and practices for the protection of data, developing and implementing information security programs, and complying with federal and state regulatory requirements.
Robert has represented companies on a range of cybersecurity and data-security incidents, including dozens of security breach matters involving tens of millions of affected consumers. He has represented clients before federal and state government agencies, national security-related investigations, cybersecurity matters, and Attorney General investigations into security incidents. He routinely advises clients on data, privacy and security matters arising from federal and state laws. He regularly conducts risk assessments and IT audits for healthcare and financial services companies and designs and implements cost-effective strategies for managing electronic documents.
Robert is a Certified Information Systems Security Professional (CISSP) and was awarded this information technology security audit certification by the International Information Systems Security Certification Consortium. He is certified by the National Security Agency to perform INFOSEC Assessment Methodology audits under FISMA and by the Health Information Trust Alliance (HITRUST) as a Certified CSF Practitioner. HITRUST is an organization that provides training to develop and maintain effective security programs for health care and life sciences companies. He is a Certified Ethical Hacker (CEH). The CEH credential is a professional certification provided by the International Council of Electronic Commerce Consultants.
Robert is a two-time winner of DefCon's Capture the Flag Competition. DefCon CTF provides a venue for the true pro hackers to ply their craft and show off their skill. As such, it acts as a weather vane for the hacking community, pointing out the top hackers and the most effective techniques (tools, automation, etc.).
Previously, Robert served as a member of a nationally recognized law firm where he was a member of their Healthcare and Life Sciences practice group. He also served as the Chief Privacy and Data Security Officer and Senior Vice President of a major intelligence, military, aerospace, engineering, and systems contractor, where he managed all aspects of privacy and cybersecurity compliance across the company.

Heather Egan is the Business Unit Leader for Orrick’s Strategic Advisory & Government Enforcement (SAGE) Business Unit. Heather focuses on cybersecurity, privacy and information management. A strategic advisor to clients, she is ranked by Chambers USA, Chambers Global and The Legal 500 United States as a leader in her field. Chambers explains companies turn to Heather because she “understands all the business issues and the dynamics of how to implement privacy programs [and is] extraordinarily thoughtful, very pragmatic and responsive.”
Heather partners with clients to reduce the risk of privacy and security incidents. In the event of an incident, she helps companies respond, successfully guiding them through investigation, remediation, notification and any ensuing government inquiries. She provides comprehensive crisis management support and companies rely on her to manage their response to catastrophes, investigations and government probes involving conduct by employees, contractors and third parties.
To help clients navigate complicated global regulatory compliance challenges, she leads comprehensive cybersecurity and privacy assessments worldwide, vets risks in corporate transactions, conducts internal investigations stemming from data incidents, and drafts and negotiates contracts concerning data-related vendors and arrangements. She regularly counsels businesses on how to mitigate risks associated with the collection, use, retention, disclosure, transfer and disposal of personal data. Outside of the U.S., she manages teams of talented counsel around the world to deliver seamless advice for clients that operate across many jurisdictional lines, developing comprehensive privacy and cybersecurity programs that address competing regulatory regimes.
Heather routinely guides clients through the existing patchwork of laws impacting privacy and cybersecurity around the globe, including but not limited to:

• California Consumer Privacy Act (CCPA)
• California Privacy Rights Act (CPRA)
• Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM)
• Electronic Communications Privacy Act (ECPA)
• Fair Credit Reporting Act (FCRA)
• Gramm–Leach–Bliley Act (GLBA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Telephone Consumer Protection Act (TCPA)
• Virginia Consumer Data Protection Act (VCDPA)
• State breach notification laws
• State data security laws
• Self-regulatory frameworks (advertising and payment card processing)

Luke Tenery, a Partner with StoneTurn, brings nearly 20 years of experience helping leading organizations mitigate complex cybersecurity, data privacy and data protection risks. He applies extensive expertise in cyber investigations, threat intelligence, incident response, and information risk management to assist clients across the threat and risk continuum—from prevention to detection, mitigation through to remediation and transformation. Luke specializes in situational corporate cyber risks. He helps organizations across a range of industries align robust information security risk management with high- impact initiatives including remediation, M&A due diligence and integration, cyber cost analyses, digital transformation, and Secure Operations Center (SOC) and threat intelligence program development. Luke also assists public companies and their Boards in remediating the long-standing control issues that lead to cyber incidents. Prior to joining StoneTurn, Luke founded the global cyber practice and led the cyber response, investigations, and intelligence practice of an international consulting firm, handling a range of active and emergent cybersecurity threats. Earlier in his career, Luke rose to Deputy Cyber Practice Leader over a 15-year tenure with a global risk management and investigations firm. Luke is a certified chief information security officer (C/CISO). He has performed interim technology and information security leadership functions for his clients. Luke has also advised on cyber issues at the intersection of risk and compliance, as well as those related to financial fraud and data integrity He is a thought leader and frequent author and speaker on topics including incident response, security data analytics, incident remediation, and cybersecurity compliance in the context of payment card industry (PCI) and CFIUS compliance, among other regulatory enforcement issues.