Tips for Preventing and Addressing Ransomware Attacks at Your Government or Casino

Frederick K. Taylor | Partner | fred.taylor@procopio.com

Ransomware is a particularly nasty breed of malicious software which, once downloaded and executed, will encrypt files and bar access to a wide array of computer systems. Tribal entities can be particularly attractive targets for ransomware attacks because of their operations of both governmental entities and casino operations.

In March 2018, the City of Atlanta was hit by a ransomware attack that seized its digital infrastructure and ground vital services to a halt. The court systems, water department and police department were all impacted. Police officers had to file paper reports for days after the initial attack. The attackers initially demanded over $50,000 in Bitcoin payments. The city refused to pay the ransom, but eventually paid over $6 million for recovery and upgrade costs, and may eventually have spent over $17 million.

Earlier this year, slot machines at several casinos from Louisiana to Oklahoma appear to have been the target of possible ransomware attacks that also showed that the attackers had access to a wide range of their operations. A computer analyst stated to Computer Business Review magazine that “[i]f someone wants to hack a casino, it’s surprisingly easy. . . they don’t segregate their networks properly, you’ll be able to interact with all kinds of machines, from the slot machines to even the card shufflers and camera systems.”

Accordingly, it is especially important for Tribal entities to protect and prepare themselves for such attacks. Here are a few things that can be done on the front end to prevent such attacks:

• Keep all operating systems and programs up-to-date (especially making sure that the latest security patches are installed).
• Back up data in a secure and recoverable manner (and stress test the backups to ensure that you can retrieve your data!).
• Limit access to sensitive data to employees for whom access is critical to operations
• Perform cybersecurity review and risk assessments, including penetration testing every six months.
• Evaluate what systems are most critical to protect from distributed denial of service attacks (DDoS).
• Train employees on security awareness stressing the importance of strong passwords and avoiding clicking on attachments/links in emails.
• Establish relationships with cybersecurity lawyers and local law enforcement cybersecurity divisions.
• Speak with your insurance broker about whether cybersecurity and ransomware attacks are appropriately covered.

If your organization is unfortunate and is hit with a ransomware attack, here are some of the important things you’ll want to do:

• Contact law enforcement, your insurance broker, your cybersecurity counsel and a computer forensics consultant.
• Secure your backup data and make sure it has not been compromised; you can then consider taking your backup data offline to ensure its safety.
• Determine the extent of the intrusion and isolate the data that has been impacted.
• Require “proof of life”; you want to ensure that the attacker actually has the ability to retrieve your data. In many cases, attackers have acquired a piece of ransomware that they don’t know how to operate.
• Hire an experienced ransomware negotiator if necessary to navigate through the possibility and execution of paying the ransom; you should also be consulting with your insurance broker, counsel and law enforcement in this process

Overall, the best offense is a good defense. With proper planning upfront, you can greatly reduce the probability of a ransomware attack. But, if you are attacked, remain calm and implement a plan which considers the tips mentioned above.

 

Frederick K. Taylor is a Co-Leader of Procopio’s Privacy and Cybersecurity practice group and a member of its Native American Law practice group. Fred represents clients in a wide variety of industries including high technology, Internet and electronic commerce, financial institutions, chemical companies, public entities and Native American tribes. His practice focuses on litigation in the areas of intellectual property, financial institutions, complex commercial disputes, environment enforcement defense and Native American issues. He can be reached at 619.515.3279 or at fred.taylor@procopio.com.

Business Interruption Insurance Coverage: What Tribal Governments Need to Know

Have you checked your insurance policy lately? You may have a claim for business interruption coverage due to COVID-19.

Such claims should be vigorously pursued. Tribal businesses and casinos are key to Tribal governments as they provide vital revenue for government services such as healthcare, education and public safety.

If you have yet to review your policy, we encourage you to do so, and also to watch our complimentary webinar below, which discusses best practices when handling your possible COVID-19 insurance claim. You can find a full collection of articles and webinar recordings regarding COVID-19 on our website at Procopio.com/COVID19.

DISTRESSED TRIBAL COMMUNITIES (PROMISE) ZONED TO A BETTER FUTURE

By: Kele Bigknife | Intern | bigknife@umich.edu

Theodore J. Griswold | Partner | ted.griswold@procopio.com

The Promise Zone Initiative was launched under the Obama administration in January 2014 to designate and aid a number of high-poverty urban, rural, and tribal communities to create jobs, increase economic security, expand educational opportunities, increase access to quality, affordable housing and improve public safety.  A community seeking designation was tasked with detailing how the Promise Zone designation would help accelerate and strengthen the community’s efforts for revitalization.  Selection as a Promise Zone partners the community with federal government liaisons to help the community gain a competitive advantage in applying for federal grants and loans, and to streamline the federal bureaucracy.  The goals of the program include boosting economic activity and job growth, leveraging private investment, expanding educational opportunities, and the secondary benefit of reducing violent crime.

The third and final round of selections for Promise Zone Communities was announced earlier this summer, and two tribes are among the nine additions.  The Spokane Tribe of Washington and the Turtle Mountain Band of Chippewa Indians in North Dakota join the Pine Ridge Indian Reservation of the Oglala Sioux Tribe in South Dakota (second-round admits), and the Choctaw Nation of Oklahoma (first-round admits) as “Promise Zone” communities.

The Promise Zone’s tag-line reads “a child’s zip code should never determine her destiny.”  The effects of being raised in an impoverished community historically correlates to the child’s odds of graduating high school, her health outcomes, and her lifetime economic opportunities.  Many tribal areas have seen the devastating effects of poverty, and have suffer from a lack of housing, jobs, health services, and educational opportunities.  However, with the help of the Promise Zone program, hope has returned to some of these communities.

Moreover, the program works.  The Choctaw Nation of Oklahoma is one of the oldest tribal communities in the US, and has seen some areas of its reservation at a poverty rate of nearly 52%. After receiving the Promise Zone designation, the tribe has received close to $100 million in federal investments that have funded new affordable housing, a health clinic, child development programs, a community center, and rural development projects that have provided some citizens with access to potable water for the first time.  Additionally, the Choctaw Nation has secured $21 million in New Markets Tax Credits to build an environmentally sustainable steel manufacturing facility, which will support approximately 300 new jobs in the region.

Pine Ridge Indian Reservation of the Oglala Sioux Tribe once faced poverty rates higher than 49% of their population, and has seen similar economic advances as the Choctaw Nation since being designated a Promise Zone.  The reservation has expanded access to high-speed internet, built water and sewage infrastructure within the community, and supported an after school meal program through the USDA Child and Adult Care Food Program.

With these Promise Zone tribal success stories, the future appears brighter for The Spokane Tribe of Washington and the Turtle Mountain Band of Chippewa Indians.  Some of the proposed plans for these tribes include creating jobs through investments in renewable energy, constructing affordable houses, establishing technology centers and regional food hubs, and reducing crime by updating law and order codes and community policing strategies.

If you are a tribal official or member of a distressed tribal community who missed out on this round of the initiative, there are still many ways to benefit from the program.  The US Department of Housing and Urban Development’s website maintains a comprehensive list of federal grant opportunities for distressed communities.  Communities who did not receive Promise Zone designations are welcome to apply for any of these grants and work toward their own, more promising future.

Kele Bigknife is a citizen of the Cherokee Nation and is in his third year at the University of Michigan Law School. He is a member of the Editorial Board for the Michigan Business and Entrepreneurial Law Review. Kele is a recipient of the 2016 Procopio Native American Internship.

Ted is head of the Native American Law practice group and primary editor for the Blogging Circle. Connect with Ted at ted.griswold@procopio.com and 619.515.3277.

Tribe Beats Beer Behemoth in Trademark Settlement

By: Kele Bigknife | Intern | kele.bigknife@procopio.com

Theodore J. Griswold | Partner | ted.griswold@procopio.com

In June, the Lumbee Tribe of North Carolina filed suit in federal court against beer giant, Anheuser-Busch LLC (AB), and one of its distributors R.A. Jeffreys Distributing Co. LLC, alleging trademark infringement, unfair competition, and unfair and deceptive practices. Without the Tribe’s permission, AB and R.A. Jeffreys used the Tribe’s logo mark and slogan mark in promotional material advertising Budweiser and Bud-Light alcohol products at multiple convenience stores near the Lumbee reservation.

The lawsuit claimed that AB’s use of the allegedly infringing marks led to a significant amount of confusion within the community and among consumers, creating a false impression in the minds of the public that the Lumbee Tribe had approved of AB’s products being sold under its logo and slogan. According to the complaint, many members of the Lumbee Tribe found the advertising offensive because alcohol abuse is often associated with Native American communities.

AB and R.A. Jeffreys quickly settled the lawsuit with the Tribe in exchange for a “sizeable donation” to one of the Tribe’s nonprofits, cessation of the advertising campaign, and an apology for the improper use. The Tribe has announced that the settlement money will go towards supporting education and youth programs.

This story is an example that even against a huge multi-billion dollar corporation, a Tribe should fight to protect its valuable intellectual property rights and ensure that a Tribe’s name, customs and culture are not abused for third party financial gain. It also exemplifies the importance of Tribal Governments trademarking their identity to protect their image and expedite resolution when abuse occurs.

Kele Bigknife is a citizen of the Cherokee Nation and is entering his third year at the University of Michigan Law School. He is a member of the Editorial Board for the Michigan Business and Entrepreneurial Law Review. Kele is a recipient of the 2016 Procopio Native American Internship.

Ted is head of the Native American Law practice group and primary editor for the Blogging Circle. Connect with him at ted.griswold@procopio.com and 619.515.3277.

 

 

Navigating the Marijuana Minefield in Indian Country

By: Theodore J. Griswold | Partner | ted.griswold@procopio.com
Stephanie A. Conduff | Attorney | stephanie.conduff@procopio.com

Yes, marijuana in Indian Country is illegal. You can get raided. Ask the Alturas Indian Rancheria and the Pit River Tribe in California. They were both raided by the Bureau of Indian Affairs (BIA) and the Drug Enforcement Administration (DEA) earlier this week. The agencies seized more than 12,000 marijuana plants and 100 pounds of processed marijuana.

In the raid they didn’t take tribal property, and there aren’t any federal charges pending. That seems like a pretty good day in Indian Country. I guess if you are the foreign national who put up all the cash to grow the plants, then you are likely pretty angry that the BIA and DEA have all of your profit in evidence bags across town. But, for the tribal government I would think that you may start thinking about bringing back your event center and closing up the cultivation shop.

The US Attorney’s Office consulted with members and representatives of both tribal governments on multiple occasions, and reminded the tribal governments that the cultivation of marijuana is still illegal under federal law and that anyone engaging in such activity did so at the risk of enforcement action. Usually raids are less consultative and more kick-in-the-door-this-is-going-down.

One of the major misconceptions in Indian Country right now is about prosecutorial discretion. It is just that…discretion.  And it can change like the winds.  Or like political parties change.  So just how much do tribal governments want to invest in social, political and financial capital?

According to the US Attorney’s office, the search warrants and seizures are part of an ongoing investigation relating to the financing and management of the commercial marijuana-cultivation projects. The concerns that led to the investigation were not disclosed. So is this about growing marijuana? Or about business dealings?

Here, according to search warrant affidavits, the investigation indicates that operations may have been financed by a third-party foreign national. And that leads us to another important question. Who are we choosing to do business with in Indian Country? Where are the profits going? And is this going to bring additional scrutiny in the form of prosecutorial discretion raiding tribal businesses and lands?

Or is this about the size of the operation? The US Attorney’s Office emphasized that large-scale commercial marijuana grows on tribal lands have the potential to introduce quantities of marijuana in a manner that violates federal law, is not consistent with California’s Compassionate Use Act, and undermines locally enacted marijuana regulations. Would this raid have occurred if the operation was more moderate?

So, what lessons did we learn?

Marijuana is still illegal in Indian Country. And, if tribal governments are going to pursue this as an economic development diversification strategy, then they should be mindful of the consultative conversations with the DEA and BIA which are required under the prosecutorial discretion and know who is involved in financing their start-up capital. It matters.

Ted is head of the Native American Law practice group and primary editor for the Blogging Circle. Connect with Ted at ted.griswold@procopio.com and 619.515.3277.

Stephanie is a member of the firm’s Real Estate and Environmental Team and a member of the Native American Law practice group. She provides advice and strategic policy analysis on national regulatory issues and advises clients of the legal and policy issues.