The increase in cyber incidents and data breaches over the last few years has been instructive for prudent businesses seeking to learn from the headlines to enhance their own systems. The same can be said for the bad actors carrying out such attacks.

For every informative takeaway gleaned from high-profile events like the Colonial Pipeline ransomware attack in May 2021 comes a lesson of equal importance for cybercriminals. Sure, the Department of Justice seized approximately $2.3 million of the $4.4 million ransom payment Colonial Pipeline made to its hackers, but the company still made the initial payment. The way the attackers leveraged Colonial Pipeline’s importance to East Coast fuel supplies to coerce the company’s leadership into believing paying up was its “duty … to the American public” serves as a template for other hackers to follow when considering their manipulation tactics.

To this point, a session at Compliance Week’s virtual Cyber Risk & Data Privacy Summit last week sought to provide attendees best practices for combating ransomware attacks. The discussion was modeled around CW’s ransomware attack case study published last winter.