Ransomware and Extortion-based Attack Simulation and Detection

About the Project

Edinburgh Napier University’s research Centre for Cyber Security focuses on applied research in areas of threat analysis and detection, digital forensic triage, trust, identity and cryptography, and has had successful real world impact with several spin-out companies.

Ransomware and related extortion attacks include a range of behaviours at various stages of the attack model, including recon, data exfiltration, and data encryption, aimed at extortion from a victim. Crypto ransomware malware when used in attacks, typically locks user data, alongside double extortion which also involves exfiltration of sensitive data. A payment is then demanded from the victim in return for the safe return of access to their files and data. Over the last few years ransomware has become an ever growing threat to corporate as well as personal data, and has seen rapidly evolving tactics and techniques to evade analysis, detection and mitigation.

Research work aims to enhance and develop new methods of analysis and detection of extortion-based attacks, particularly focused on behavioural analysis at different stages in the attack chain. A focus on pre-destructive activity detection and dynamic behaviour analysis, including methods to capture and model features such file and memory interactions and exfiltration methods. Simulation of extortion attacks to generate new datasets, and validate detection work, is another possible focus, with Generative AI an area yet to be explored. The scope of the work and focus of the individual project can be, to some extent, driven by the individual student. The work will be carried out within a small team of researchers here at Edinburgh Napier University working at the forefront of ransomware attack research, including various areas around analysis, datasets, detection and mitigation, for various stages of extortion-based attack chains.

A short research proposal of around 1,000 words outlining the specific project, is expected as part of the application. The project will be supervised by Associate Professor Rich Macfarlane (r.macfarlane@napier.ac.uk) and others from the team. Interested students are encouraged to contact Rich by email to discuss the proposal.

Academic qualifications

First degree with at least a 2:1 classification in one of the following areas:

• cyber security
• threat models
• malware analysis
• dynamic analysis
• ransomware
• generative AI
• file systems
• networking
• cryptography

English language requirement

IELTS score must be at least 6.5 (with not less than 6.0 in each of the four components). Other, equivalent qualifications will be accepted. Full details of the University’s policy are available online.

Essential attributes:

• Strong focus on applied cyber security concepts, such as the attack kill chain, classification of threat information, offensive security.
• Good written and oral communication skills.
• Strong motivation, with evidence of independent research skills.
• Good organisation and time management skills.

Desirable attributes:

• Research skills.
• Programming and software testing
• Ransomware, and malware analysis

APPLICATION CHECKLIST

• Completed application form
• CV
• 2 academic references, using the Postgraduate Educational Reference Form (download)
• Research project outline of 2 pages (list of references excluded). The outline may provide details about
  1. Background and motivation of the project. The motivation, explaining the importance of the project, should be supported also by relevant literature. You can also discuss the applications you expect for the project results.
  2. Research questions or objectives.
  3. Methodology: types of data to be used, approach to data collection, and data analysis methods.
  4. List of references.
• The outline must be created solely by the applicant. Supervisors can only offer general discussions about the project idea without providing any additional support.
• Statement no longer than 1 page describing your motivations and fit with the project.
• Evidence of proficiency in English (if appropriate)

To be considered, the application must use

• the advertised title as project title

For informal enquiries about this PhD project, please contact R.Macfarlane@napier.ac.uk

PhD Start Date: October 2026