2023 Conference on International Cyber Security | 7-8 November 2023
Register now

< Return to program overview

Panel 6


Analyzing Cyber Operations: Motivations, Means and Methods

Karen Nershi

Karen Nershi is an Assistant Professor of Political Science in the School of Politics, Economics, and Global Affairs at IE University in Madrid, Spain. Through an empirical lens, her research examines international cooperation and regulation challenges emerging from the adoption of new technologies. Specific topics she explores in her research include ransomware, cross-national regulation of the cryptocurrency sector, and international cooperation around anti-money laundering enforcement.

Karen Nershi was a postdoctoral fellowship at Stanford University’s Cyber Policy Center and Center for International Security and Cooperation 2021-23. She earned her Ph.D. in political science from the University of Pennsylvania in 2021.


Personal website


Shelby Grossman

Shelby Grossman is a research scholar at the Stanford Internet Observatory. Her primary research interests are in online safety and comparative politics. She has ongoing projects on online-facilitated crimes against children, large language models and propaganda, ransomware, and safety issues related to search. Shelby's research has been published in Comparative Political Studies, Political Communication, World Development, and World Politics. Her book, "The Politics of Order in Informal Markets," was published by Cambridge University Press. She is co-editor of the Journal of Online Trust and Safety, and teaches classes at Stanford on open source investigation and online trust and safety issues.

Shelby was an assistant professor of political science at the University of Memphis from 2017-2019, and a postdoctoral fellow at Stanford University’s Center on Democracy, Development, and the Rule of Law from 2016-17. She earned her Ph.D. in Government from Harvard University in 2016.

Personal website




Assessing the Political Motivations Behind Ransomware Attacks

Although traditionally viewed as apolitical, recent developments suggest there may be connections between some ransomware groups and the Russian government. To better understand this relationship, we created a dataset of 4,194 ransomware victims posted to the dark web between May 2019 and May 2022. We find that Russia-based ransomware groups increased attacks before elections in several major democracies, and companies that curtailed operations in Russia after the invasion of Ukraine were more likely to be targeted; these findings suggest potential political motivations behind these attacks. We also analyze a major ransomware group's leaked internal communications, which show ties to the Kremlin. We argue that the Russian government maintains an informal cooperative relationship with groups by providing safe harbor from prosecution and receiving plausible deniability for attacks and access to skilled cyber actors. Our findings suggest ransomware presents an international security threat in addition to functioning as a form of crime.