If you are a cybersecurity firm investigating financial malware incidents for clients — this project developed a platform that scrapes public and deep web sources, tracks malware payment flows, and visualizes fraud patterns using Big Data tools. It was validated by law enforcement in 3 EU countries and could strengthen your forensic investigation capabilities.
Forensic Platform That Tracks Cybercriminal Money Flows for Law Enforcement
Imagine criminals using ransomware and banking trojans to steal money online — but investigators have no easy way to follow the digital money trail. RAMSES built a smart platform that scrapes the open and dark web, analyzes malware samples, and tracks where the stolen money actually goes. Think of it as a financial bloodhound for cybercrime — sniffing out payment patterns across massive amounts of data. It was tested by real police forces in Portugal, Belgium, and Spain.
What needed solving
Cybercriminals using ransomware and banking trojans generate billions in illegal revenue, but law enforcement lacks integrated tools to trace digital money flows across the open and dark web. Investigators face massive volumes of unstructured data — scraped web pages, malware samples, cryptocurrency transactions — without a unified platform to connect the dots. This gap lets financially motivated cybercriminals operate with near-impunity across borders.
What was built
RAMSES built a modular forensic platform combining deep/dark web scraping, malware sample analysis, image/video manipulation detection (steganalysis), payment tracking, and Big Data visualization tools. Key deliverables include an optimal model system that estimates malware profitability and threat level, plus training programs delivered to police officers and academy students across 3 EU countries.
Who needs this
Who can put this to work
If you are a bank dealing with banking trojan attacks targeting your customers — this project built an optimal model system that estimates a malware's maximum profitability and the threat it poses. With 14 partners across 6 countries contributing intelligence, the platform helps you understand how malware spreads and where your customers are most vulnerable.
If you are a cyber insurer struggling to quantify ransomware risk for your policyholders — this project developed tools that analyze malware characteristics and compute how close a threat is to an optimal criminal business model. The platform's profitability estimation could help you build more accurate risk models for underwriting cyber policies.
Quick answers
What would it cost to license or deploy this platform?
The project received EUR 3,532,000 in EU funding and included a feasibility study to assess business models for adoption. Specific licensing costs are not published in the project data. Contact the coordinator at Politecnico di Milano for commercial terms.
Can this scale to handle large volumes of cybercrime data?
The platform was specifically designed using Big Data technologies to extract, store, and analyze enormous amounts of structured and unstructured data. It processes web scraping, image/video steganalysis, and malware payment tracking at scale. Validation pilots ran across 3 EU countries with both single-agency and multi-agency collaborative investigations.
Who owns the IP and how is it licensed?
The consortium of 14 partners across 6 countries jointly developed the platform. IP ownership details would follow the Horizon 2020 grant agreement terms. Contact Politecnico di Milano as coordinator for licensing discussions.
Has this been tested with real law enforcement agencies?
Yes. Validation pilots took place in Portugal, Belgium, and Spain. The first round tested single-LEA operations at each site, and the second tested collaborative investigations between multiple agencies. Training sessions were also delivered to police officers and academy students.
Does this comply with EU data protection regulations?
The platform was built specifically for law enforcement use within EU legal boundaries, with partners from 6 EU countries including research institutions and LEAs. Based on available project data, specific GDPR compliance details are not described in the objective but would be expected given the consortium composition and EU funding requirements.
Can this integrate with existing law enforcement IT systems?
The platform was designed to be modular and scalable, suggesting integration capability with existing systems. The multi-LEA collaborative pilot demonstrated interoperability between agencies in different countries. Specific API or integration documentation would need to be requested from the consortium.
What types of cybercrime does it cover?
The platform focused on 2 specific case studies: ransomware and banking trojans — the two most financially damaging malware categories. It covers the full chain from malware distribution tracking to payment flow analysis.
Who built it
The RAMSES consortium brings together 14 partners from 6 countries (Belgium, Germany, Spain, Italy, Portugal, UK), led by Politecnico di Milano. The mix includes 5 universities, 3 research organizations, 3 industry players, and 3 other entities — with 3 SMEs contributing specialized capabilities. The 21% industry ratio is moderate but appropriate for a law enforcement tool where end-users are public agencies. The multi-country spread across Southern and Western Europe ensures the platform was tested across different legal and operational environments, which strengthens its potential for EU-wide deployment.
- POLITECNICO DI MILANO · Coordinator · IT
- HOCHSCHULE FUR DEN OFFENTLICHEN DIENST IN BAYERN · participant · DE
- TREE TECHNOLOGY SA · participant · ES
- SERVICE PUBLIC FEDERAL INTERIEUR · participant · BE
- TREELOGIC TELEMATICA Y LOGICA RACIONAL PARA LA EMPRESA EUROPEA SL · participant · ES
- SOCIOGRAPHY, MULTI KNOWLEDGE ACTIONS FOR RESEARCH AND ETHICS · participant · IT
- Ministerio da Justica · participant · PT
- UNIVERSIDAD COMPLUTENSE DE MADRID · participant · ES
- UNIVERSITY OF KENT · participant · UK
- TRILATERAL RESEARCH LTD · participant · UK
- CISPA - HELMHOLTZ-ZENTRUM FUR INFORMATIONSSICHERHEIT GGMBH · third party · DE
- MINISTERIO DEL INTERIOR · participant · ES
- FONDAZIONE POLITECNICO DI MILANO · third party · IT
- UNIVERSITAT DES SAARLANDES · participant · DE
Reach the coordinator at Politecnico di Milano (Italy) through the CORDIS contact form or university directory.