Ransomware and the value of attribution

Next story
James Pavett

A survey looking into Ransomware in 2016 has produced some very interesting findings.

A recent study into encryption ransomware discovered some interesting statistics by the end of year 2016. The analysed statistics showed that a regular user was attacked with encryption ransomware every 10 seconds, with an organisation attacked every 40 seconds.

Amongst the attackers it was discovered that 47 out of 60 crypto ransomware families can be attributed to Russian speaking groups or individuals. However, how important is attribution in the fight against cybercrime?

We talk with Mark James, ESET IT Security Specialist, and get his professional opinion on attribution in helping law enforcement in cyber security.

“Attribution can help both law enforcement and businesses get a better understanding of exactly how the malware does it job.

Possible motives, likely attack vectors and even in some cases a clear understanding of the reasoning for the attack in the first place.

Cyber defence is all about knowledge and anticipation, for your defence to be at its best ideally you need to know all about your attackers.

“Not just what this current malware does, but previous malware strains and variants from the same makers or authors.

“Of course this one may be very different but it also may be a smokescreen or carrier for something else, a curve ball as such.

“Whilst you can invest in broad defence techniques, effective protection is made up of many layers.

Knowledge and background make up those layers along with expertise, software, hardware and experience.”


How important do you think proper attribution is? Let us know on Twitter @ESETUK


Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.