On a stormy morning in London, NSA analyst Maya and NCSC operative Elsa are thrust into a crisis: a sophisticated ransomware attack has crippled a UK energy grid subsidiary. The payload bears traces of code from North Korea’s state-sponsored Lazarus Group, Conti-style double-extortion tactics, and the speed of LockBit. It is a hybrid attack suggesting a terrifying convergence of geopolitical threat actors and organized cybercrime. The subsequent investigation provides a detailed look at the modern Ransomware-as-a-Service (RaaS) ecosystem, revealing a highly specialized criminal franchise operating from geopolitical safe havens like Russia and North Korea. This teaching case analyzes the structural actors: Operators (like LockBit), Affiliates, and Initial Access Brokers (IABs). It also explores the complex, evolving dynamics, including the rise of North Korean “laptop farms” as espionage covers and the fragmentation of the Russian-linked Conti group after the invasion of Ukraine. Learners will grapple with the technical, operational, and geopolitical limitations that hamstring law enforcement and national security agencies in combating this transnational threat. The case forces students to address the central dilemma: How can government agencies effectively coordinate across conflicting national sovereignties, combat decentralized and AI-accelerated cybercrime, and strike back against an enemy that is both everywhere and nowhere?