The increase in cyber incidents and data breaches over the last few years has been instructive for prudent businesses seeking to learn from the headlines to enhance their own systems. The same can be said for the bad actors carrying out such attacks.
For every informative takeaway gleaned from high-profile events like the Colonial Pipeline ransomware attack in May 2021, there is a lesson of equal importance for cybercriminals. Sure, the Department of Justice seized approximately $2.3 million of the $4.4 million ransom payment Colonial Pipeline made to its hackers, but the company still made the initial payment. The way the attackers leveraged Colonial Pipeline’s importance to East Coast fuel supplies to coerce the company’s leadership into believing that paying up was its “duty … to the American public” serves as a template for other hackers to follow when considering their manipulation tactics.

