2. A WAY TO LEARN . A MARK TO MAKE. A WORLD TO CHANGEIESE Business School 2
IESE Consulting Club
Case: Cybercrime Syndicate (1/7)
● Interviewee led (primarily)
● Revenue increase
● Cybersecurity industry
Case Prompt
404 Society, a cybercrime underground organisation, makes money from hacking companies. It either extorts money from blocking access to
computer systems (ransomwares) or sells its service for corporate espionage. The leader has come to you to help him grow his business. There
are lots of hacking products and targets available and the group is confused about which sector to focus on and which products to use to grow
the revenues of the business.
Clarifying Answers
● The company focused on the Industry sector as their IT systems are usually less protected and is an easier target
● Ransomware extortion cost $50k to develop and can be used for 3 months. Every successful attack brings $10k to 404
● Corporate espionage costs $100k of development each time but brings back $350k to 404.
● 404 usually pays a 40% commission fee to its agents who successfully performs the attacks
● The market is huge, so competition does not really matter
● 404 Society finds its clients through Dark Web Marketplaces and is paid in cryptocurrencies (Monero)
● The ransomwares have a life cycle. After a while, they become useless and need to be replaced by another updated tool.
● 404 society performed 120 Ransomware attacks and 50 corporate espionage last year all in the industry sector.
● 404 society has the same capacity for numbers of attacks from year to year.
3. A WAY TO LEARN . A MARK TO MAKE. A WORLD TO CHANGEIESE Business School 3
IESE Consulting Club
Case: Cybercrime Syndicate (2/7)
Interviewer Guide
This is a case that the candidate will need to lead with the use of questioning. The goal of the case is to determine the best product-market fit to boost the
revenues of the company. Guide the candidate with answering clarifying questions. The ideal candidates will understand that they need to calculate the
revenues of 404 Society First.
After being shown exhibit #1, a strong candidate will quickly interpret the cost structure table. The best candidates will include the agent’s salaries and
understand the lifecycle cost without being prompted. The best candidates will also quickly compare the current total costs of the company and the costs
of investing in Banking attacks. Banking attacks are not possible because they require much more capital.
An excellent candidate will realise at question #3 that Espionage is much more profitable than ransomware attacks. Thus the new hires should be placed in
the espionage department. An outstanding candidate will see that there is no point on wasting resources on ransomware and will propose to shut it down
to only focus only on Espionage.
Finally, an outstanding candidate will mention cryptocurrencies and legal aspects of the business as being major risks and will offer creative solutions to
mitigate those risks.
Timeline
1) Calculate the current revenues of 404 Society
2) Using prompt #1 and Exhibit #1, calculate the margins with Ransomware and Corporate Espionage
3) Make a recommendation on which industry and which product to focus on
4) Using prompt #2 and Exhibit #2, calculate the revenue per agent and make a recommendation
5) Make qualitative suggestions
4. A WAY TO LEARN . A MARK TO MAKE. A WORLD TO CHANGEIESE Business School 4
IESE Consulting Club
Case: Cybercrime Syndicate (3/7)
Question #1
What is the current profit of 404 Society?
Solution #1
● Total Costs = 4*50 + 50*(100) = 200 + 5000 = 5200
● Total revenues = (120*10) + (50*350) = 18700
● Profit = (120*10)-(4*50) + 50*(350-100) = 13500 → 40% of salaries → 13500*0.6= 8100
5. A WAY TO LEARN . A MARK TO MAKE. A WORLD TO CHANGEIESE Business School 5
IESE Consulting Club
Case: Cybercrime Syndicate (4/7)
Question #2
Which industry and which Ransomware should 404 Society focus on to increase their profitability? How much more profit can 404 society
increase with your recommendation? (show Exhibit 1)
Solution #2
● Margins from Corporate Espionage
○ Banking = 2*6000 - 20000 = €8M
○ IT = 3*3000 - 6000 = €-3M
○ Industry = 350 - 100 = €250k
○ Energy = 300 - 150/(0.7) = €85k
○ Retail = 50 - 100 = €50k
Industry is the most profitable sector for corporate espionage
Solution is not Banking. Even though it is the most profitable option, 404 society only invests 5M in development, not enough for the banking option.
(Which requires 12M)
● Margins from Ransomware:
○ COVID-19 = (120*10) - 4*50 = (120*10) - 200 = 1000
○ COVID-20 = (120*10) - 2*120 = (120*10) - 240 = 960
○ COVID-21 = (120*10) - 6*30 = (120*10) - 180 = 1020
COVID 21 is the most profitable Ransomware
6. A WAY TO LEARN . A MARK TO MAKE. A WORLD TO CHANGEIESE Business School 6
IESE Consulting Club
Case: Cybercrime Syndicate (5/7)
Question #3
404 Society is looking to hire 3 more agents. In which department should the company hire those 3 agents? (Show exhibit 2)
Solution #3
● Profit per Agent: Ransomware
○ 120/3 = 40 attacks per agent
○ Cost per Attack = 4*50k / 120 = 1,667k
○ Profit per Attack = 10k - 1.66k = 8.33k
○ Profit per agent = 40*(8.33)= $333k
● Profit per Agent: Espionage
○ 50/10 = 5 attacks per agent
○ Profit per Agent = 5*(350-100) = 5*250= $1250k
Espionage is much more profitable than Ransomware attacks. The new recruits should be hired in the Espionage department.
The ideal candidate will identify an opportunity to close the ransomware department and transfer all the agents to Espionage
7. A WAY TO LEARN . A MARK TO MAKE. A WORLD TO CHANGEIESE Business School 7
IESE Consulting Club
Case: Cybercrime Syndicate (6/7)
Question #4
How else could 404 Society grow revenues? What risks are there to the sustainability of the business?
Solution #4
This is the qualitative part of the case, the candidate is supposed to reflect on creative ways to improve revenues. Reflections can include the following:
● Recruit more agents to perform more attacks
● Negotiate better commission (less than 40%)
● Improve the efficiency of development (reduce costs)
● Offer more efficient money laundering scheme (cryptocurrencies are volatile)
● Speculate on crypto-currencies and/or mine them
● Find other revenue channels (ethical hacking, security consulting, government services, spam, credit card theft, identify theft, etc…)
● Contingency plan if getting caught
8. A WAY TO LEARN . A MARK TO MAKE. A WORLD TO CHANGEIESE Business School 8
IESE Consulting Club
Case: Cybercrime Syndicate (7/7)
Exhibit #1
CORPORATE ESPIONAGE
Industry Revenue per attack (k€) Cost per Attack (k€) Success Rate
Banking 20000 6000 50%
Tech/IT 6000 3000 33%
Industry 350 100 100%
Energy 300 150 70%
Retail 100 50 100%
RANSOMWARE
Name LifeCycle Revenue per attack (k€) Cost of Dev (k€) Success Rate
COVID-19 3 months 10 50 100%
COVID-20 6 months 10 120 100%
COVID-21 2 months 10 30 100%
Exhibit #2
COMPANY ORGANISATION
Department # of AGENTS
# of Attacks per
year
RANSOMWARE 3 120
ESPIONAGE 10 50
Cost Structure of 404 Society Current Organisational Structure