Current Cyber Attacks - War Stories from the MME Cyber Risk Incident Team

Ransom attack on a Swiss industrial company with subsidiaries in the EU. Numerous servers encrypted. Production shutdown. Data extracted and published on the Dark Net.

  • Legal support to the management
  • Cooperation with cyber insurance, claims adjuster and technical incident team
  • Support for reporting requirements under stock exchange law.
  • Support for reporting to NCSC (Swiss National Cyber Security Centre)
  • Support PR
  • Coordination of information for employees and clients
  • Clarification of reporting obligations DSGVO/GDPR
  • DSGVO/GDPR data breach notification in France, Italy, Austria and Spain
  • Criminal complaint in Switzerland  Criminal complaint in France

 

Ransom attack on a Swiss SME in the construction industry (entire company data encrypted and extracted)

  • Legal support to the Management
  • Clarification of reporting obligations in Switzerland

 

Ransom attack on pharmaceutical company (encryption of company data).

  • Legal support management and IT
  • Clarification of reporting obligations in Switzerland
  • Clarification of reporting obligations DSGVO/GDPR

 

Ransom attack on a FinTech company. Internal server encrypted. Sensitive data extracted and published on the Dark Net.

  • Cooperation with cyber insurance, claims adjuster and technical incident team.
  • Coordination of information for employees and customers
  • Support in the defence against customer claims

 

Phishing/Man-in-the-middle attack on Swiss holding company with subsidiary in the Czech Republic. Customers are informed of "new" bank accounts.

  • Legal support Management
  • Defence against financial loss
  • Cooperation with cyber insurance, claims adjuster and technical incident team.
  • Clarification of reporting obligations in Switzerland
  • Clarification of reporting obligations DSGVO/GDPR

 

Reinsurance

  • Implementation of processes with templates for mandatory reporting of cyber attacks to FINMA.

 

Ransom attack on listed on stock exchange company. Encryption server.

  • Representation of IT providers in defence against claims

 

Attack on IT Cloud Provider

  • Representation in defence of customer claims

 

What are our "lessons learned"?

  • All types of companies are attacked - large and small
  • Even well-protected companies have been hacked. Absolute technical and organisational protection is not possible
  • The decisive factor is time. The faster the technical and legal intervention force is on site, the more effectively the damage can be limited. A cyber risk insurance that provides immediate support and/or an emergency concept with technical specialists are essential.

Our MME Legal Incident Response Team will be happy to assist in an emergency Link. To minimise risk, we recommend our preventive Incident Response Retainer service Link. In a workshop together with InfoGuard AG, the contact persons and emergency processes are defined and the critical IT systems and data are identified and analysed.

June 2021 | Author: Dr. Martin Eckert.

Your team

Contact

In need of legal, tax or compliance advice? We look forward to contacting you.