Contract

Kroll | 55 East 52nd Street | New York, New York 10055
T +1 (212) 593-1000
www.kroll.com
Certain Kroll companies provide investigative services. See www.kroll.com/licensing for state licensing information.

CONFIDENTIAL

August 20, 2020

Armondo Pavone
City of Renton
1055 South Grady Way
Renton, WA 98055

Dear Mr. Pavone:

These master terms and conditions will govern the services delivered to City of Renton (“Client”) by the Kroll group company (including its officers, employees and affiliates, “Kroll”) set forth in the applicable statement of work (“SOW”). Client and Kroll (each a “Party”) are referred to below as the “Parties”, and these master terms and conditions, together with the applicable SOW, are referred to as the “Agreement”.

1. Kroll Services

Client has engaged Kroll to deliver certain services as set forth in a SOW (the "Assignment"). In the event Client requests Kroll to expand the scope of the Assignment or undertake other assignments ("Additional Assignments"), each such Additional Assignment will be set forth in a new SOW signed by both Parties that references these master terms and conditions and stipulates the fee for the Assignment. Unless otherwise agreed in the SOW, in the event Kroll is requested to (i) provide testimony, (ii) serve as a witness, (iii) update any report, deliverable or other information provided hereunder (the “Kroll Report(s)”) for any events or circumstances occurring subsequent to the initial delivery date of the Kroll Report, or (iv) furnish additional services, such additional services will be agreed in an amended or separate SOW signed by Kroll and Client.

Kroll shall deliver its services in accordance with Client’s instructions. However, if instructed by Client in writing, Kroll will perform the relevant Assignment under the direction of Client’s counsel.
Kroll understands Client and/or such counsel may provide Kroll with certain information and materials that may be protected by the attorney-client privilege and/or the work product doctrine. Kroll agrees to treat such materials as confidential and subject to privilege.

Kroll shall perform the Assignment in an appropriate and competent manner, using individuals with qualifications or skills suitable to the Assignment.

2. Confidentiality

Kroll agrees to take reasonable and appropriate measures to maintain the confidentiality of non-public, confidential and/or proprietary information received from Client and which is designated by Client as confidential or that a reasonable person would consider, from the nature of the information and circumstances of disclosure, to be confidential to Client (“Confidential Information”).

If any person or entity requests or subpoenas any Kroll Reports or other Assignment-related information or materials within Kroll’s custody or control, Kroll will, unless legally prohibited, promptly inform Client of such request or subpoena so that Client may seek from a court of competent jurisdiction a protective order or other appropriate remedy to limit the disclosure. If Kroll is required to respond to the request or subpoena or to provide testimony, Client agrees to compensate Kroll for reasonable costs and expenses incurred (e.g., reimbursement of reasonable attorneys’ fees and disbursements), including, without limitation, compensating Kroll (at hourly rates as applicable) for responding to legal requests or demands for information and preparing for and testifying at deposition, proceedings and/or trials. Kroll will provide detailed invoices for any costs and expenses for which it seeks reimbursement under this Section. Kroll shall, unless legally prohibited, promptly inform Client in advance of such reasonable costs and expenses.

CAG-20-356

3. Indemnity

Client agrees to hold harmless and indemnify Kroll against all claims, damages and costs (including reasonable attorneys’ fees and disbursements) arising out of any Assignment, except for such claims, damages and costs resulting from any actions by Kroll constituting gross negligence, fraud, willful misconduct or unlawful conduct or a breach of the terms of the Agreement.

In connection with an Assignment, if there is a loss of personal data of individuals due to the negligence of Kroll and which gives rise to a legally required data breach notification to those individuals, Kroll will provide such data breach notification services and such services as are otherwise required by applicable law (collectively, the “Data Breach Services”) to the affected individuals at no charge to Client.

4. Limitation of Liability

Client agrees, on its own behalf and on behalf of its agents, that Kroll will not be liable for any claims, liabilities or expenses relating to the Agreement or any Assignment for an aggregate amount in excess of the greater of: i) two (2) times fees paid by Client to Kroll pursuant to the SOW under which the claim arose or ii) $100,000, except a) where the claim arises out of Kroll’s breach of the confidentiality or data protection obligations hereunder, in which case Kroll’s liability shall not exceed $500,000, in the aggregate, or b) to the extent such liability is finally judicially determined to have resulted from Kroll’s gross negligence, fraud or willful misconduct, in which case the limits above will not apply. However, in no event will either Party be liable for consequential, special, indirect, punitive or exemplary losses, damages or expenses relating to this engagement, including without limitation damages for loss of data, loss of business profits, business interruption, or other pecuniary loss, even if such Party has been advised of the possibility of such damages.
Only the specific Kroll company signatory to the SOW under which the claim allegedly arose shall be liable to Client for any claims, liabilities or expenses incurred thereunder.

5. Data Protection

To the extent applicable, the Parties shall comply with relevant national, international, state and/or regional data protection legislation or regulations, including with respect to information disclosed in connection with an Assignment which is personal data (as defined under the relevant legislation or regulation).

6. Computer Forensics

To the extent any Assignment includes computer forensics services: Client acknowledges that digital/computer equipment, drives, data and media may be damaged, infected or corrupted prior to forensic analysis being performed hereunder, and Kroll does not assume responsibility or liability for such pre-existing damage or further problems resulting therefrom. Any data, especially data restored from unknown sources, may contain viruses or other malware; therefore, Client assumes responsibility to protect itself with respect to the receipt of data and shall advise its agents and third-party recipients to take similar precautions.

Client represents and warrants that (i) it has the right to be in possession of, or is the owner of, all equipment/data/media furnished to Kroll hereunder, (ii) such equipment/data/media is furnished for a lawful purpose, and (iii) where applicable, Client’s collection, possession, processing and transfer of such equipment/data/media is in compliance with any and all applicable laws, regulations and Client policies, including without limitation concerning data privacy and employee consents.

7. Use of Information

To the extent any Assignment includes the provision of one or more Kroll Reports: Client shall be permitted to use Kroll Reports solely for its internal business purposes.
Client shall maintain Kroll Reports as confidential, and shall not disclose, disseminate, redistribute or otherwise make any Kroll Reports available to any third party, whether in whole or in part, without the express written consent of Kroll; provided, however, that Kroll Reports may be disclosed by Client:

i) to its employees, counsel, agents, and representatives (the “Representatives”) who are aware of and agree to the confidentiality obligations herein, and Client shall be responsible for the use and disclosure of Kroll Reports by the Representatives as if it were Client’s own use and disclosure;

ii) to third parties subject to the execution by each third party of a form of release reasonably satisfactory to Kroll;

iii) if required by law or in response to a lawful order or demand of any court of competent jurisdiction, provided, however, that before making such a disclosure, Client agrees to provide Kroll with prompt prior notice of any such compelled disclosure so that Kroll and/or Client may seek a protective order or other appropriate remedy; and

iv) upon written request by a regulator, regulatory agency, or law enforcement agency (“Agency”) having jurisdiction and enforcement authority over Client when (a) deemed necessary by Client to demonstrate Client's compliance with applicable law to Agency, or (b) to avoid imposition by Agency of a fine or penalty on Client; provided, however, Client agrees to provide Kroll with prompt prior notice in advance of any such disclosure.

Client further agrees and represents that any Kroll Reports provided hereunder will not be used for employment purposes, credit evaluation or insurance underwriting purposes, and that the services hereunder are being contracted for, and will only be used in connection with a business, investment or other commercial purpose.

8. Fees and Invoicing

The fees for any particular Assignment shall be set forth in the applicable SOW. Kroll shall invoice Client’s insurer on a monthly basis.
In the event that payment is not received from Client’s insurer within forty-five (45) days of the invoice date, Client agrees to pay Kroll’s fees and costs directly. Any unpaid balances shall accrue interest at the rate of 8% per annum, as measured from forty-five (45) days after the date of each invoice. Client acknowledges its obligation to pay undisputed amounts as set forth above. In the event Client disputes any portion of an invoice, Client will notify Kroll in writing of the disputed charges within forty-five (45) days from the invoice date. Kroll reserves the right to terminate its services at any time if Kroll’s invoices are not paid in a timely manner. Client agrees to reimburse Kroll for any costs of collection of undisputed amounts, including reasonable attorneys’ fees.

The fees and charges for the Services do not include applicable federal, foreign, state or local sales, withholding, use, value added, gross income, excise, or ad valorem taxes. Kroll will not be responsible for all applicable federal, state, local, and withholding taxes levied or assessed in connection with Kroll’s performance of Services, other than income taxes assessed with respect to Kroll’s income.

9. Conflicts

In connection with its case opening process, Kroll follows procedures designed to identify conflicts of interest. Client understands and agrees that the engagement by Client of a Kroll company for a discrete Assignment(s) hereunder does not prevent Kroll or its affiliated companies from providing services to other clients adverse to Client on matters not substantially related to a particular Assignment being performed hereunder, provided, however, Confidential Information obtained while performing a particular Assignment will continue to be treated as confidential and will not be shared or used in connection with the performance of any other services provided by Kroll or its affiliated companies.

10. Termination

Either Party may terminate the Agreement on thirty (30) days prior written notice to the other Party or earlier upon mutual written agreement; provided, however, that the Agreement shall remain in full force and effect until the completion or termination of all active SOWs hereunder. Each Party may terminate any given SOW in accordance with the termination provision set forth therein, or, where no provision has been made, on three (3) days prior written notice to the other Party. For avoidance of doubt, the termination of a particular SOW shall not automatically terminate these master terms and conditions. In the event of any termination, Kroll will be entitled to payment of any invoices outstanding, as well as payment for any undisputed disbursements, fees and/or costs incurred through the date of termination. Provisions of the Agreement which by their nature are intended to survive termination or expiration of the Agreement shall survive expiration or termination of the Agreement.

11. Assignability

Except as otherwise provided herein, neither Party shall assign the Agreement or any individual Party’s rights or privileges without the prior written consent of the other Party, which consent shall not be unreasonably delayed, conditioned or withheld; provided, however, that the applicable Kroll company may assign the Agreement to any company which controls, is controlled by, or is under common control with Kroll, or in the event of a merger, acquisition or sale of all or substantially all of the assets thereof.

12. Governing Law and Dispute Resolution

The Agreement is governed by the laws of the State of New York without regard to the law of conflicts. Any controversy or claim arising out of or relating to the Agreement, or the breach thereof, shall be settled by binding arbitration administered in New York, New York by the American Arbitration Association (“AAA”) in accordance with its Arbitration Rules then in effect.
If arbitrated, there shall be one arbitrator agreed to by the Parties within twenty (20) days of a written request for arbitration. If the Parties cannot agree, an arbitrator will be appointed by the AAA in accordance with its Arbitration Rules. Any award from any such arbitration proceeding may be entered as a judgment in any court of competent jurisdiction. Each Party shall bear its own costs in connection with any arbitration or other legal proceeding hereunder. Nothing herein shall prevent either Party from seeking injunctive relief (or any other provisional remedy) from any court having jurisdiction over the Parties and the subject matter of the dispute as is necessary to protect either Party's proprietary rights.

13. Amendment, Waiver and Entire Agreement

Any of these master terms and conditions may be amended or waived only with the written consent of the Parties. The Agreement, including any exhibits and appendices thereto, constitutes the entire agreement of the Parties and supersedes all oral negotiations and prior writings with respect to the subject matter hereof.

14. Severability

If any portion of the Agreement is held to be unenforceable under applicable law, the Parties agree that such provision shall be excluded from the Agreement, the balance of the Agreement shall be interpreted as if such provision were so excluded, and the balance of the Agreement shall be enforceable in accordance with its terms.

15. Controlling Provisions

In the event there is a conflict between these master terms and conditions and the provisions of any SOW or other addendum, the language of the SOW or other addendum shall control where the SOW or other addendum expressly indicates the Parties’ intention to modify the master terms and conditions for the purposes of the Assignment set forth in the applicable SOW or other addendum.

* * *

These master terms and conditions shall be effective as of the date on which signed by Client below.
ACCEPTED AND AGREED:

CITY OF RENTON

By: ________________________________
Name: ________________________________
Title: ________________________________
Date: ________________________________

ADDENDUM A

ADDITIONAL TERMS & CONDITIONS FOR DATA BREACH SERVICES

In accordance with the master terms and conditions between Kroll and Client, the Parties expressly agree that these Additional Terms & Conditions for Data Breach Services are intended to modify the master terms and conditions for the purposes of the Assignment set forth in the applicable SOW.

1. Client Responsibilities.

Client agrees to provide all information reasonably requested to ensure accurate delivery of services and to provide a data file in accordance with the specifications outlined in the SOW, as well as Client’s final text, logo and signature files, to be used in the notifications. The timeline for mailing the notifications and membership materials to affected individuals will be finalized once Kroll is in receipt of the above information. Client acknowledges and agrees that Kroll is not a law firm, Kroll’s services do not constitute legal advice or legal opinion, and that Client is solely responsible for complying with all applicable laws.

2. Security.

Client and Kroll shall each use reasonable administrative, technical, and physical safeguards that are reasonably designed to: (a) protect the security and confidentiality of any personally identifiable information provided by Client under this Agreement; (b) protect against any anticipated threats or hazards to the security or integrity of such information; (c) protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer; and (d) protect against unauthorized access to or use of such information in connection with its disposal.
Each party will respond promptly to remedy any known security breach involving the personally identifiable information provided by Client under this Agreement, and shall inform the other party of such breaches.

3. Confidentiality.

Client agrees to maintain the confidentiality of all pricing and service descriptions contained in any SOW for data breach services and any other Kroll information designated as confidential unless required by law, pursuant to the Washington Public Records Act, RCW 42.45, or in response to a lawful order or demand of any court of competent jurisdiction. Notices and information required to be provided to third parties in connection with the data breach services pursuant to this SOW will not be considered “Kroll Reports” as defined in the master terms and conditions.

4. Trademarks.

Each Party grants to the other Party a non-exclusive, non-transferable, revocable license, without the right of sub-license, to use its trademarks, service marks, trade names and logos for the sole and exclusive purpose of providing data breach services pursuant to this SOW. Either Party may revoke this license at any time upon written notice to the other. Except as expressly set forth herein, neither party shall have any rights, title or interest in or to any trademarks, service marks, trade names or logos owned or otherwise used by the other Party.

5. Credit Reports.

Client acknowledges that Kroll does not warrant the accuracy of the information contained in any credit report or credit monitoring report provided under this Agreement, and agrees that Kroll shall not be responsible or liable for any negative factual information contained therein.

6. Availability of Services.

In the event any of the services provided through third parties become unavailable or inaccessible to Kroll for any reason, Kroll may elect to discontinue providing such services. Kroll will provide prompt written notice to Client upon Kroll receiving notice from a discontinuing vendor.
Kroll may, in its sole discretion, replace discontinued services with an equal or greater valued offering. In the event services cannot be replaced and are discontinued, Client is entitled to a prorated return of fees calculated based on the services already provided and the time remaining for services not yet rendered.

7. Termination.

Notwithstanding the master terms and conditions, termination of any SOW for Data Breach Services shall require ninety (90) days prior written notice. In the event this Agreement is terminated, to the extent Kroll has commenced an identity monitoring and/or identity theft restoration service for an individual, such services shall continue for the duration of the enrollment period, or until such time said individual’s identity monitoring and/or restoration services is/are complete, whichever comes first; provided, however, that any remittance due by or on behalf of such individual has been received by Kroll in full.

ACCEPTED AND AGREED:

CITY OF RENTON

By: ________________________________
Name: ________________________________
Title: ________________________________
Date: ________________________________

STATEMENT OF WORK FOR INFORMATION SECURITY AND COMPUTER FORENSICS SERVICES

This Statement of Work (“SOW”), dated August 20, 2020, is entered into by and between Kroll Associates, Inc. on behalf of itself and its affiliates (“Kroll”), and Baker & Hostetler LLP (“Law Firm” or “Counsel”), as counsel for City of Renton (“Client”) and incorporates herein by reference master terms and conditions, entered into as of August 20, 2020 between Kroll and Client (together with this SOW, the “Agreement”). All work under this SOW is to be performed at the direction of Law Firm and is subject to the attorney-client privilege and/or the work product doctrine. Capitalized terms herein shall have the meaning ascribed in the master terms and conditions.
A. Description of Services

Description of services; scope of Assignment

Phase 1 - Forensic Investigation/Kroll CyberDetectER® Powered by Red Canary - Budget $70k to $90k

• Enterprise-wide (all hosts covered by CyberDetectER® Endpoint) monitoring for approximately 30 days and up to 900 end points. Historical triage collection of forensically relevant artifacts and related analysis of pertinent artifacts to determine and document timeline of pertinent historical events, possible malware infection, data exfiltration methods, and potential account compromise(s) related to security incident.
• Leverage CyberDetectER® Endpoint and Kroll's tools for purposes of monitoring endpoints for signs of malware infections, known Indicators of Compromise ("IOC"), and identification of compromised host(s) or account(s).
• Kroll may use CyberDetectER® Endpoint and other remote forensic techniques and tools to gather evidence as necessary to facilitate the investigation, including to determine timeframe and scope of sensitive data exposure.
• Provide Client with actionable leads to resolve current security events.
• Locate IOCs beyond those discovered in other investigations.
• Triage forensic analysis of up to six (6) specific system(s) that show(s) relevant evidence of malicious or suspicious activity.
• Findings will determine if priority end points, up to three (3) additional, require forensic imaging and deeper forensic analysis beyond triage analysis through Kroll's CyberDetectER® Endpoint service.
• Review of pre-Kroll engagement Malware and/or AV scan results and potentially pre-remediated infection(s).
• Preservation and analysis of available logs to include Firewall/NetFlow, VPN, web proxy, and IDS/IPS to identify relevant anomalies.
• As requested, preserve and analyze Client firewall configuration for settings allowing external traffic into the network.
• As requested, attempt to identify or determine if internal servers, including remote access services, are exposed to external networks.
• Attempt to identify if sensitive data (PI/PII/PFI or PHI), to include areas of the network where stored, were exposed as a result of any identified compromise.
• If available, automated analysis of identified malware binaries and related malware data or dependencies.
• Provide recommendations regarding containment and remediation of data event based on results of investigation.
• Verbal presentation of findings and drafting of report as requested by Counsel and Client.

Phase 2 will commence at the direction of Client and Counsel, if and when requested.

Phase 2 - Additional Forensic Steps - Budget TBD; no work authorized without prior written authorization from Client.

• As determined by malware investigation and Kroll CyberDetectER Endpoint monitoring review

B. Additional Terms and Conditions Specific to Information Security and Computer Forensics Services

If in the course of the examination of computers, telephones or other electronic devices, or the examination of electronic media, software content or materials in hard copy form, Kroll or an affiliate observes or otherwise encounters what may be considered illegal contraband, such as images the mere possession of which Kroll reasonably believes to be unlawful, Kroll reserves the right to disclose such contraband to law enforcement. In such an event, and to the extent Kroll reasonably believes is permitted by applicable laws, Kroll will notify the Client of its intention to disclose the existence and/or content of such contraband to the appropriate authorities.
To the extent any expedited information security and/or computer forensics services are requested by Client, including work that must be performed over a weekend or holiday, or on an overtime basis, Kroll reserves the right to charge for such expedited services at 1.5 times its normal hourly rates for the applicable services.

To the extent Kroll is requested to provide any written testimony or reports relating to information security and/or computer forensics services, such additional services will be provided at Kroll’s standard applicable hourly rates. However, oral testimony at deposition, a hearing or trial will be provided at 1.5 times such rates.

C. Fee Structure

All fees will be billed simultaneously to Client and Client’s insurer and are not the responsibility of Law Firm. Professional Fees for Kroll’s services under this SOW will be charged on an hourly basis as follows:

Consulting Services: $325/hour*
Travel Time: 50% of Consultant/Engineer hourly rate
Media Preservation/Replication: $400/media
Media / Data Storage: $25/media/month

*Indicates Beazley preferred rate

Based on the information now available and known to Kroll, we estimate Phase 1 of this engagement will cost between $70,000 and $90,000, plus travel time, travel expenses, media output, freight and any applicable taxes. However, frequently the full scope of work cannot be known without further investigation, and thus this estimate may be subject to change based on further information or other developments in the course of the Assignment.
Kroll represents that it will not conduct work exceeding $90,000 without obtaining explicit authorization from Law Firm or Client. Kroll will provide notice to Law Firm and Client when it has hit 80% of the estimated budget. In addition to the Professional Fees identified above, additional charges may include reasonable out-of-pocket expenses incurred in connection with the Assignment, but in no case shall the total amount billed under this Assignment exceed $90,000 without prior written authorization from Client.

Accepted and agreed:

BAKER & HOSTETLER LLP
___________________________________
Name:
Title:
Date:

KROLL ASSOCIATES, INC.
___________________________________
Name:
Title:
Date:

CITY OF RENTON
___________________________________
Name:
Title:
Date:

Anthony Valach, Counsel, August 20, 2020
Pierson Clair, Managing Director, August 21, 2020

STATEMENT OF WORK FOR CYBER CRYPTOCURRENCY AND RANSOMWARE NEGOTIATION SERVICES

This Cyber Cryptocurrency and Ransomware Negotiation (“CCRN”) services Statement of Work (“SOW”), dated August 20, 2020 is entered into by and between Kroll Associates, Inc. and its affiliates ("Kroll"), for services by its provider of ransomware negotiation services, and Baker & Hostetler LLP (“Law Firm”), as counsel for City of Renton (“Client”), and incorporates herein by reference the master terms and conditions entered into as of August 20, 2020 between Kroll, Law Firm, and Client (together with this SOW, the “Agreement”). All work under this SOW is to be performed at the direction of Law Firm and is subject to the attorney-client privilege and/or the work product doctrine.
Capitalized terms herein shall have the meaning ascribed in the master terms and conditions.

The Client wishes to use certain services offered by Kroll’s provider of ransomware negotiation services Coveware Inc., a Delaware corporation (“Provider” or “Coveware”), with respect to recovering certain property of the Client that has become encrypted by a third party (the “Threat Actor”). Provider agrees to use commercially reasonable efforts to recover the Client’s encrypted property, including but not limited to researching free decryption tools, researching commercial decryption tools, and, if necessary, facilitation of a payment to the Threat Actor for a decryption tool (hereinafter the “CCRN Services”), subject to the terms and conditions set forth in the Agreement.

A. Description of Services

Description of CCRNS Services; Scope of Assignment

Client has experienced a security incident involving the encryption of its property, and wishes to engage Kroll service provider Coveware to assist in the recovery of Client’s property. The focus of the CCRN Services is an analysis of the encryption methods and communications of the Threat Actor in order to advise Client and Law Firm on how to safely and expediently procure a means to recover the encrypted Client property. The CCRN Services will encompass five discrete activities:

1) Research & Assessment: Delivered to the Client as soon as practicable given the nature and scope of the Assignment. Research will generally include the type of encryption software, its signatures, and the Threat Actor responsible for the incident. The intent of this research is to assist in advising the Client on the strategic options available to facilitate the recovery of Client’s property.

2) Extortion Negotiations: Provider will directly facilitate communications and negotiations with the Threat Actor on behalf of Client. Client and Law Firm will advise on timeline and budget prior to any negotiations being started.
At Law Firm’s direction, Provider will provide regular transcripts of the communications with the Threat Actor to the Client and Law Firm (and their authorized representatives where designated by Client and Law Firm).

• All communications with Threat Actor are handled by Provider on Client’s behalf.
• Negotiations transcripts provided at the direction of Law Firm at approximate intervals of every 12 hours.
• Negotiations can run 24/7, if requested by Client, until completed.

3) Facilitation of Ransom Payment: If necessary and directed by Law Firm, Provider will facilitate a payment to the Threat Actor in order to procure the necessary means to decrypt Client’s property. Client will reimburse Provider for all pre-approved (via the order form submitted to Provider by the Client) costs associated with procuring these decryption tools in accordance with the terms below.

• Ransom Settlement Fees & Costs (all part of Reimbursed Expenses):
  • All transaction and expense costs are passed through to Client for reimbursement
  • 2.9% charge to Client for use of credit cards
  • 0.50% exchange fees charged on all ransom payment amounts
  • 0.50-2.50% charged for overnight, weekend loans to Client (credit approval required)
• No limit on amount for wire reimbursements
• $50,000 limit on credit card reimbursements (may be waived on a case by case basis)
• Loans available only after credit approval by Coveware
• Estimated fifteen (15) minutes release timeframe from when payment authorization clears or wire is received
• Numerous cryptocurrency types supported
• All ransom settlements are subject to pre-payment compliance and sanctions list checks (as detailed below) by Provider on:
  • Payor of ransom
  • Authorized Representative of Payor
  • Wallet of Threat Actor

4) Decryption Support: On a commercially reasonable efforts basis, and if requested by Law Firm, Coveware will provide written documentation (subject to availability) on relevant decryption tools, along with phone and email to provide support to Client’s IT team.

• Decryption tool documentation is only available on a commercially reasonable efforts basis (as new types of ransomware may not yet be documented);
• Phone and email support for Client’s IT team will be maintained for thirty (30) days post-incident, or as otherwise agreed in writing by the Parties.

5) Post-Incident Written Report: Only upon written request from Law Firm, Provider will provide a post-incident written report as Client or Law Firm may require in order to complete regulatory, insurance or other types of claims and reporting.

• Reporting consistent with compliance with OFAC regulations
• Detailed incident level reporting including transcripts of negotiations

B. Fee Structure & Payment

All fees, expenses and ransom amounts will be paid by Client or Client’s insurer directly to Provider, and are not the responsibility of Law Firm. Provider will submit an order form to Client and Client’s insurer setting forth the applicable Professional Fees, Costs and Expenses, and Ransom amounts as those are determined by Provider in the course of the Assignment based on the complexity of the matter and the payment options selected by Client and/or Client’s insurer. This may include an up-front payment at the signature of the SOW in the amount of $2,000.00.

Upon procurement of a means to decrypt the Client’s property, the Provider will notify Law Firm and Client and the Client or Client’s insurer, as promptly as practicable, and subject to the Ransom Settlement Fees & Costs set forth above, shall either:

• deposit with Provider the Aggregate Incident Fee (as defined below), in cash via wire transfer of immediately available funds, or
• authorize Provider to charge an authorized credit card for the Aggregate Incident Fee.

Upon verifying receipt of the Aggregate Incident Fee from the Client or Client’s insurer, at Law Firm’s direction, Provider agrees to deliver to the Client the method by which to decrypt Client property.
“Aggregate Incident Fee” means the Reimbursed Expenses (as defined below) together with the Provider’s service fee(s) based on the complexity of the case, as set forth in the applicable order form or this SOW (the “Professional Services Fees”). In connection with this Assignment, the Professional Services Fee is $4,000.00.

Client also agrees to reimburse Provider for all expenses pre-approved by Client (via the order form submitted to Provider by the Client) and incurred by Provider in providing the Services to Client, including any authorized payments to a Threat Actor to purchase a means of decryption, and all transactional expenses associated with the authorized ransom payment (“Reimbursed Expenses”), except that Provider shall first look to Client’s insurer to reimburse Provider for the Reimbursed Expenses.

Payment of the Aggregate Incident Fee by Client or Client’s insurer is due prior to the payment of the ransom amount by Provider on behalf of Client, or where agreed by the Provider, at the conclusion of the CCRN Services, or in the event CCRN Services are terminated by Client or Provider.

C. Additional Terms and Conditions for CCRN Services

1. Case Information, Compliance Information, Aggregated Anonymous Data.

Provider will provide Client with its standard questionnaire requesting information regarding the Case (the “Case Information”). Client will provide requested information as accurately as possible. Accuracy of the Case Information, including but not limited to information provided directly to the Client by the Threat Actor, is the sole responsibility of the Client. Upon request of Provider, the Client shall provide to the Provider copies of certain information and documents regarding the Client, its business, and employees in order for Provider to perform the Services and to comply with applicable legal and regulatory requirements, including without limitation anti-money laundering regulations and OFAC regulations (the “Compliance Information”).
The Client acknowledges that Provider may request additional information from the Client for purposes of carrying out Provider’s compliance procedures. Client further authorizes Provider to retain such Compliance Information solely for its own internal administrative use and as required to comply with legal and regulatory requirements. Client acknowledges and agrees that Provider will, in performing the CCRN Services under this SOW, reasonably rely on facts and assumptions that Client furnishes, and that Provider may use data, material, and other information furnished by the Client without any independent investigation or verification. Provider shall be entitled to reasonably rely upon the accuracy and completeness of such data, material and other information. Provider may suspend provision of the CCRN Services at any time upon written notice to Client, without incurring any resulting obligation or liability, if: (a) Provider receives a judicial or other governmental demand or order, subpoena or law enforcement request that expressly or by reasonable implication requires Provider to do so; or (b) Provider reasonably believes, in its good faith discretion, that: (i) Client has failed to comply with any material term of this SOW or (ii) Client is, has been, or is likely to be involved in any fraudulent, misleading or unlawful activities. Client agrees that Provider may aggregate data generated by Client with other learnings, logs, and data regarding use of the CCRN Services so that results are non-personally identifiable or cannot be reasonably re-identified if used or combined with additional information with respect to Client or Client’s customers (“Aggregated Anonymous Data”). 
Client acknowledges that Provider is permitted to generate Aggregate Anonymous Data and that Aggregate Anonymous Data is the property of Provider, which Provider may use for any business purpose during or after the term of this SOW (including without limitation to develop and improve products and services and to create and distribute reports and other materials). Provider owns, or has a valid license to use, all intellectual property necessary to perform the CCRN Services and other Provider obligations contemplated by this SOW.

2. Client Representations & Warranties.

In connection with the CCRN Services provided pursuant to this SOW, Client represents and warrants that:

The Client has full legal right, power and authority to execute, deliver and perform its obligations under this SOW and the Services contemplated hereby.

The execution, delivery and performance of this SOW does not and will not constitute a violation or breach of (i) any agreement to which the Client is a party or (iii) to the Client’s knowledge, any applicable federal, state, national, supranational or foreign law, statute, code, rule, regulation or material ordinance of any governmental or regulatory body or agency (collectively, “Applicable Law”).

All information that the Client has provided in connection with the Services, including, without limitation, the Case Information and Compliance Information, is, to the best of the Client’s knowledge, true, accurate and complete in all material respects, there are no restrictions on the Client's ability to disclose or publish such data and information in connection with the Services.

3. Pre-Payment Compliance & Sanctions List Checks by Provider.

Prior to transmitting any funds on behalf of Client, Client agrees that Provider may use a third-party compliance application called ComplyAdvantage to run a search for i) the Client’s company, and ii) an authorized representative of the Client.
Provider will also manually search for the email address and wallet address of the recipient of the cryptocurrency payment on the lists at:

US Treasury Office of Foreign Assets Control Specially Designated Nationals And Blocked Persons List ( https://www.treasury.gov/resource-center/sanctions/SDN-List/Pages/default.aspx )

In order for transmission of funds to proceed, at the time of the search by Provider, and with the information available to Provider from Client at the time of the search, no party searched may be found to be on the lists set forth above, such that given the facts and circumstances at the time of the payment, Provider shall have no reasonable cause to believe that the cryptocurrency payment transmitted would be paid to any person(s) appearing on any of the sanctions lists as identified above.

Further, as is Provider’s standard practice, Client acknowledges and agrees that Provider will report this case to the Federal Bureau of Investigation (FBI), along with other, similar transactions, in Provider’s next quarterly report to the FBI.

Accepted and agreed:

BAKER & HOSTETLER LLP
___________________________________
Name: Anthony Valach
Title: Counsel
Date: August 20, 2020

KROLL ASSOCIATES, INC.
___________________________________
Name: Pierson Clair
Title: Managing Director
Date: August 21, 2020

CITY OF RENTON
___________________________________
Name:
Title:
Date:

State licensing information can be found at www.kroll.com/licensing