2. Differentiate attackers’ motives and capabilities
Gavin O’Gorman, a Symantec investigator, looks at the motive behind the attack using two theories—the first implies the attacker or attackers are technically able but not particularly smart. The criminals use a single bitcoin wallet and a single email account for contact, which is not the best way to get payment, according to the firm. “The email account was rapidly suspended by its provider, thus disabling the ability of the attacker to interact with victims,” he notes.