Ransomware attacks, orchestrated by cybercriminal organizations, pose a global threat in our digital era by exploiting system vulnerabilities and demanding ransoms for seized and encrypted data. Conti, a Russian ransomware group, ceased to exist after a 2022 data leak, offering a unique opportunity to study their modus operandi. The leak includes chat transcripts containing indicators of value, like compensation agreements and digital transaction details. By using the value chain lens, these indicators can be used to determine how ransomware groups create and allocate value within their operations. This understanding is essential for law enforcement aiming to disrupt ransomware activities more effectively, as targeting the most valuable components of their operations can result in significant disruptions to the organization. This value attribution is currently unknown. The question this thesis attempts to answer is: How do ransomware groups allocate value to the activities of the ransomware value chain, and how can this inform law enforcement in developing effective intervention strategies? The methodology involves an exploratory research approach to Conti's public chat transcript data, supported by blockchain analysis. The final deliverable includes a value analysis through the value chain lens and recommendations for the FIOD. These recommendations include insights gained from studying the value creation, compensation, and allocation of ransomware groups, highlighting strategic points along the value chain where disruption would result in the most significant impact. These insights are crucial for enhancing criminal investigations and guiding authorities to disrupt valuable and critical activities within ransomware operations effectively.

Recent advances in the field of ‘Zero Trust’ security strategies have revealed that there is still much novelty regarding the concept of Zero Trust architecture (ZTA). Zero Trust has recently gained attention as the traditional approach, based on network perimeter security, is being outplayed by sophisticated cyber attacks. This research contributes significantly to the scientific knowledge base, as ZTA is hardly investigated. Moreover, recent developments are causing the perimeter to disappear, such as increasing collaboration between companies, ecosystem connections, and working from home due to Covid-19. As a result, public and private organizations need to rethink how to protect their IT infrastructure, assets and data better.
Several organizations are willing to opt for a Zero Trust approach because of its benefits. These benefits include improved security, reduced complexity, and lower overhead and operational costs. Additionally, innovation in enterprise architecture security is urgently needed as it can reduce data breaches, decrease lateral movement, and avoid ransom payments and a company freeze.

Even though Zero Trust brings many advantages, it has not yet replaced existing perimeter-based security approaches. The complication is that many organizations struggle with the implementation of ZTA due to a lack of knowledge and clarity on how to implement the Zero Trust security strategy. Additionally, “Zero Trust” is one of the most frequently used buzzwords in cybersecurity, making it hard to distinguish an actual ZTA. Complexity and misunderstandings of Zero Trust lead to failed projects and implementations. Furthermore, ZTA implementations are complex, and a predefined one-size-fits-all approach does not exist.

Moreover, organizations willing to transform their traditional architecture to a more advanced ZTA lack guidance in their transformation. However, Zero Trust solutions are marketed by multiple vendors, including Zscalar, IBM, Microsoft, and Palo Alto. There is no clear guidance for Enterprise Architects to support organizations in the transformation to a ZTA. Thus, research is needed to investigate 1) what Zero Trust architectures are, 2) what the challenges are, and 3) what the design principles for a successful ZTA transformation are.

The thesis reconstructed and analysed transaction-level data of a particular darknet market. Moreover, the thesis reveals what kind of vendors are active on this darknet market, based on their characteristics. Finally, this research identified what the relative importance is of different vendor characteristics for vendor performance on darknet markets.