Program: MSc Cybersecurity Governance - Crisis and Security
Management
Course: From Digital Justice to Digital Crime
Assignment: Individual critical review paper
Referencing style: Harvard, specifically the variant used by the political science
department at the University of Amsterdam.
Word count (1500 words excluding references, +/-10% as indicated in
the lectures): 1649
Essay title: A Promising Study with Some Unfortunate Drawbacks: a
Review of Meland et al. (2020)
Grade + feedback: 8.5 - “Good structure. Very well written. Impressive
engagement with the literature for a 1500-words assignment (okay, 1649-words
assignment). Well done!”
The development of the darknet has given rise to the sale of illegal goods and services,
including Ransomware-as-a-Service (RaaS). The article “The Ransomware-as-a-Service economy
within the darknet” by Meland et al. (2020) investigates this RaaS market to create a
better understanding of the space. In this review, the eight parts of Meland et al.’s work will
be evaluated both individually and as a whole. Based on this assessment, the weaknesses
mainly include omitted information in terms of justification, references and the researcher’s
reflexivity. Strengths are found in the consistency of the study, diverse source usage and
elaborating on the research gap.
The authors take a netnographic approach to explore the RaaS darknet market,
specifically focussing on threat severity and value chains. Using an array of sources
including darknet markets, forums, stakeholder interviews and historical data, the scholars
conducted four phases of data collection over a span of two years. The results go over five
categories found in the data, i.e. vendor resilience, market size perspectives, no honour
among thieves, RaaS target market and value chain. Based on the results and analysis, the
authors conclude that RaaS is not a great threat compared to other offered goods; they also
provide a schematic overview of the value chain in the RaaS economy (Meland
et al. 2020).
This essay will now move to the reviewing part. In the abstract, the writers start off
strong, as they briefly go over the study length (“two years”), the method used
(“netnographic research”) and their findings (“RaaS currently seems like a modest threat”
and “value chain and descriptions of the actors involved”) without using arbitrary language
(Meland et al. 2020: 1). These things are considered relevant to increase clarity in abstract
writing, making this section concise. However, the research gap is not mentioned, which is
a shortcoming (Weinberger et al. 2015; Rogers 1990; Murray 2009).
In the introduction section, the authors have a research objective of generating a
better understanding of the RaaS darknet market through assessing the RaaS threat
severity and examining the value chains. This research is claimed to be necessary because
it aids in the development of countermeasures against RaaS. Because the relational dynamics
of darknet users are considered helpful in creating countermeasures, and because these
dynamics are under-investigated, the authors seek to fill this gap (Meland et al. 2020).
These concise remarks on the aim, necessity and purpose of the research can be seen as a
strength of this section (Halperin & Heath 2020; Ahlstrom 2017).
Nevertheless, weaknesses can also be identified. The RaaS-problem is not always
communicated explicitly, e.g.: “a dissatisfied employee might decide to partner up with a
RaaS developer” (Meland et al. 2020: 1). This is not a great flaw, but it is undesirable (Shim
2005; Manan & Raslee 2018). Furthermore, the lack of sources in the first two paragraphs is
worrisome. The aforementioned quote, for example, is not substantiated with evidence
(Koutsantoni 2004; Neville 2012).
In the literature overview, the authors included a background section. This can place
the actual literature review (subheading: ‘related research’) in the right context and is
considered to be good practice, despite its unusual placement in the paper as the context
is usually included in the introduction (Shenton 2004; Halperin & Heath 2020; Miller &
Dingwall 1997). Another strength is the sources, which are relevant and up to date (no
older than 11 years at the time of writing), which is preferable (Ridley 2012). Furthermore,
conceptualisations of ransomware, the darknet and RaaS have been provided. However,
‘value chains’, a term that is not seen as common knowledge, was not defined, making a
conceptualisation necessary (Kaplinsky & Morris 2000; Koutsantoni 2004).
Though the authors do not explicitly mention the research gap, there are again
implicit phrases hinting at this, which forms a drawback (Shim 2005). An additional