Marieke van Lange delves deeply into the ecosystem of a Russian ransomware group in her research. What makes their operations so efficient, and how can we disrupt their game? By analysing the value of each activity, we can uncover their weak points. With these insights, we can take targeted action, disrupt the entire operation, and tackle the cyber threat from within!
What did you research?
I conducted research on a Russian ransomware group and how we can better and more effectively disrupt their operations. In a ransomware attack, documents belonging to companies or individuals are held hostage and are only returned upon payment of a ransom. In my research, I focused on the value chain, which refers to a series of activities where value is created at each step. I examined how these cybercriminal groups assign value to different activities, or rather, how important the various components of their operational structure are. By understanding which activities are crucial for the survival of a cybercriminal group, we can identify their weak points. With this knowledge, we can more effectively target and disrupt key parts of their operation, ultimately dismantling the entire ransomware group.
Why is this so important?
The criminals behind ransomware are more dangerous than ever. They use sophisticated techniques to gain access to the data of large companies, governments, hospitals, and universities. They then encrypt this data and demand large sums of ransom to release it. These cybercriminal groups are large, powerful, and anonymous, making it difficult to arrest individuals. One solution is to disrupt the activities of these ransomware groups, making it harder for them to organise attacks. Authorities can achieve this by cutting off digital financial flows. To do this effectively, it is crucial to know where to hit the ransomware group financially in order to have the most disruptive impact.
How does the research process work?
During my research, I completed an internship at the FIOD, the investigative service of the Dutch Tax Administration. The FIOD conducts criminal investigations into fraudsters, scammers, and also ransomware criminals. During my internship, I worked with the team specialising in financial cybersecurity and observed various investigations. It was a lot of fun and very exciting because it gave me a behind-the-scenes look at an organisation you would normally never get to see. This was my favourite part of my thesis: ending up in an unexpected place where your research can genuinely contribute.
What did you enjoy most about your research?
Catching Russian cybercriminals!
Of course, this wasn’t quite the case in practice, but it was still exciting and enjoyable to contribute to a criminal investigation into a notorious group of criminals. The data source for this research was a large database containing 168,000 chat messages. I really enjoyed going through these messages, looking for clues about value attribution, and also reading the personal communication between these criminals!
What was the biggest challenge?
The biggest challenge was applying the value chain to cybercriminal research. The value chain is typically used as a concept to gain insight into the activities of a business and the processes involved in creating a product. However, I applied the value chain in combination with a data source to conduct empirical research on criminal activities. Since this approach is uncommon, it was definitely a challenge to figure it out on my own. That said, this form of scientific research into criminal activities does appear to have added value in the field of cybercrime investigation!
What is the most important thing you learned?
During my internship, I learned that cybercriminal organisations operate in a similar way to "normal" companies, with a hierarchy, organisational structure, and salary agreements. This insight makes it possible to apply the knowledge gained from the TPM (Technology, Policy and Management) programme to criminal investigations, which I found incredibly interesting!
I also learned that a degree in Systems Engineering, Policy Analysis, and Management (TBM) can take you anywhere. The world is essentially a vast collection of complex systems, and as a specialist, you know how to navigate them. Whether your passion lies in the public or private sector, in cybersecurity, IT architecture, or a completely different field, you will always add value!
What’s happens next?
The FIOD will continue working with my research findings and recommendations to incorporate scientific research into their own criminal investigation procedures. It's pretty cool that through an internship like this, you not only contribute to science but can also make a tangible impact on an organisation!
Study related
Why did you choose the Master's in Complex Systems Engineering and Management (CoSEM)?
After completing a Bachelor's degree in Natural Sciences and Innovation Management at Utrecht University, I felt the need for more practical application and further technical broadening. Through CoSEM and a specialisation in I&C, I expanded my technical knowledge even further. With numerous group projects and opportunities for internships, such as my thesis and courses with fictional clients, I have gained relevant experience that is now proving invaluable as I start my career!
What knowledge from your MSc do you still frequently use?
During my CoSEM Master's programme, I primarily learned how to understand complex systems with multiple stakeholders. In the future, I would like to apply these insights within the social domain to achieve a positive societal impact.
![[Translate to English:]](https://filelist.tudelft.nl/_processed_/0/b/csm_Header%20afbeelding%20InDetail%20-%20Stefan%20Buijsman%20-%202_01_55cada31b0.webp "[Translate to English:]")
