You’ll read a lot today about the $5 million in cryptocurrency that Colonial Pipeline paid to its ransomware hackers. You’ll read a lot today about how the FBI discourages ransomware victims from paying their hackers. You’ll read a lot today about how fragile and vulnerable our infrastructure is. Pay close attention, and do your best to separate out the facts from the fear-mongering.
There are at least four completely separate categories of hackers: 1) Hobbyists who hack for bragging rights. 2) Professional criminals who hack for money. 3) Terrorists who hack to instill fear. 4) Enemies who hack to destroy.
Colonial Pipeline paid the ransom. The hackers restored their systems. Clearly, this hack was about money, and the hackers were “honorable” in that once paid, they kept their word and “returned the hostage” data.
What if these were “dishonorable” hackers? What if they didn’t decrypt Colonial Pipeline’s data after receiving $5 million in untraceable crypto? What if the money was just icing on the cake, and these hackers were terrorists or simply enemies foreign or domestic?
Get your team together today. It’s Friday, the perfect day to gather your leadership team along with your internal and external security peeps to workshop business backup routines, as well as your business continuity and resiliency plans.
Remember: “There are only two kinds of companies. Those who have been hacked and those that will be hacked.”
Author’s note: This is not a sponsored post. I am the author of this article and it expresses my own opinions. I am not, nor is my company, receiving compensation for it.