This approach will likely be most useful for large enterprises that get attacked, since they're more likely to have a buffered packet capture of network traffic. This is still incredibly powerful given that most ransomware-prevention mechanisms are completely useless once the ransomware is already in your system.