
Ransomware as a tool for diversion and coverup. A possible modus operandi for advanced persistent threats?

MASTER Assignment

Type: Master M-CS

Period: Apr, 2022 - Nov, 2022

Student: Hoheisel, R.E. (Raphael, Student M-CS)

Date Final project: Nov 2, 2022

Thesis

Supervisors:

W.A. van Kranenburg (Northwave B.V.)

Abstract:

Covering up a cyber-attack with another attack, such as ransomware, is rarely seen, yet it is a realistic scenario that has been applied in practice. Especially at a time when ransomware attacks affect the majority of companies, the moment seems ideal for using ransomware as a masquerade, as a smokescreen or to cover up another attack. This thesis therefore takes a closer look at this development. It shows that using ransomware as a cover or as a masquerade dates back many years and has been applied multiple times in the recent war in Ukraine. In addition, the thesis investigates actual ransomware cases handled by the security company Northwave in which ransomware might have been used to cover up espionage or other malicious activities, even though, in the end, the evidence suggested a purely financially motivated attack with no intention to cover anything up. Finally, this study looks into the relationships between state actors, such as the Russian government, and ransomware gangs, highlighting a sometimes close cooperation between them.