Ransomware is one of the rising scourges of the business world, with approximately 50% of U.S. companies reporting being hit with a ransomware attack in the past year, according to a recent study. According to the FBI, a 2016 ransomware type that uses unbreakable key-based cryptography compromised an estimated 100,000 computers a day. New ransomware variants are appearing constantly, and companies need to prepare for the possibility of being victimized by this particular type of cyber-attack. The FBI, as well as other security professionals, has recommended a widely accepted, multifaceted preparation strategy—which includes having key insurance coverage in place—that reduces risks and decreases recovery time. Please click here to read an overview of this strategy that appeared in Law360, authored by Orrick’s Darren Teshima and Aravind Swaminathan.
Aravind advises clients in cybersecurity risk assessment and management, breach incident response planning, and corporate governance responsibilities related to cybersecurity. Aravind has directed over 100 data breach investigations and cybersecurity incident response efforts, including ones with national security implications. He also represents companies and organizations facing cybersecurity and privacy-oriented FTC, SEC, and State Attorney General investigations and class action litigation. Aravind is a sought-after speaker on cybersecurity issues, including threat landscapes, mitigation strategies, incident response plans, and threat management in mobile device ecosystems. Aravind previously served on the City of Seattle’s Privacy Advisory Committee, as general counsel to Washington State Governor Jay Inslee's task force on drone legislation, and is currently serving as counsel to PISCES, a first-of-its-kind organization whose purpose is to facilitate information sharing between state and local agencies and municipalities to improve threat intelligence availability to support critical government services.
Until 2013, Aravind served as an Assistant United States Attorney for the Western District of Washington, where he served as one of the district's Computer Hacking and Intellectual Property Section attorneys. As a prosecutor, Aravind investigated and prosecuted a broad array of cybercrime cases, including ones involving hacking, phishing, theft of trade secrets, click fraud, cyber threats, and identity theft. Aravind also led the United States Attorney's Office cybercrime outreach program for the Western District of Washington, where he worked with members of the Department of Justice, state and federal regulators, law enforcement and other organizations on cybersecurity and related privacy issues.
Cybersecurity and Privacy Matters
- Represented computer hardware manufacturer in security breach affecting credit card information, and ensuing state and federal investigations
- Represented information security professionals in litigation and investigations in connection with large data breaches
- Represented major contracting company in national security-related cybersecurity breach that compromised of industrial control systems
- Represented enterprise software and information solutions company in breach of credit card and login/password information
- Represented IT management software company compromised by botnet that leveraged managed endpoints to mine for digital currency
- Represented digital currency security company in phishing attack directed at senior management that resulted in extortionate hacker threats
- Represented major city in connection with compromise of personal information of utility customers and citizens
- Represented industrial supply company in compromise of usernames and passwords for business to business customers
- Represented non-profit institutions in investigation of compromised social security information affecting its members and employees
- Directed cybersecurity assessments and planned remediation efforts for technology, financial services, and other companies
- Advised networking infrastructure company in developing technical global privacy compliance strategy
- Counseled companies in cybersecurity incident response planning, and facilitated tabletop exercises
- Advised boards of directors on corporate governance responsibilities relating to cybersecurity and data privacy
Privacy/Cybersecurity Class Action Litigation
- Represented major retailers in class action litigation alleging deceptive trade practices in connection with gift cards
- Represented payment processor litigation with acquiring bank and ISO in connection with processing of credit card transactions
- Represented application and software company in spyware and consumer protection investigation by Washington State Attorney General
- Represented company in data breach class action litigation affecting tens of thousands of employees' Social Security number and tax information.
- Represented numerous companies in class action litigation brought under the Telephone Consumer Protection Act
- Represented information solutions company against claims asserted under the Electronic Communications Privacy Act
- Served as General Counsel to Washington State Governor Jay Inslee's task force on drone legislation
- Served as member of City of Seattle Privacy Advisory Committee
White Collar and Investigation Matters
- Represented one of the nation's largest independent automobile dealerships in federal money laundering and tax investigation resulting in favorable non-prosecution agreement for individual company owners
- Represented individual in government procurement and false statements investigation and prosecution
- Represented healthcare provider in negligent homicide investigation
- Represented large healthcare provider and leading pharmaceutical company in separate false claims investigation by Washington State Attorney General
- Represented pharmacy chain in DEA diversion investigation
- Represented Japanese individuals in Department of Justice and Securities and Exchange Commission investigation arising out of cross-border healthcare receivables investment company
- Represented environmental technology solutions company in federal criminal grant fraud investigation, resulting in no charges brought
- Represented Hong Kong-based national in Foreign Corrupt Practices Act investigation
- Led internal investigation at public technology company of allegations of Wiretap and Washington State Recording Act violations
Posts by: Aravind Swaminathan
Vendor impersonation is one of the typical varieties of “Business E-mail Compromise” (BEC) scams. In spoofing the e-mail of a trusted vendor, the fraudster persuades a company to redirect its vendor payments to a fraudulent bank account. While courts have found that commercial crime policies cover loss from BEC scams, a recent Fifth Circuit decision found no coverage for the victim of a vendor-impersonation BEC scam under the computer fraud provision of the company’s crime protection policy. Rejecting the company’s arguments that the coverage provision was ambiguous, the court held that the fraudulent e-mail was not the cause of the fraudulent transfer. Orrick attorneys Russell Cohen, Aravind Swaminathan, and Harry Moren comment on this troubling decision at our sister blog, Trust Anchor.