{"id":47835,"date":"2016-03-01T09:38:04","date_gmt":"2016-03-01T17:38:04","guid":{"rendered":"https:\/\/blogs.mcafee.com\/?p=47835"},"modified":"2025-06-06T01:28:17","modified_gmt":"2025-06-06T08:28:17","slug":"targeted-ransomware-no-longer-future-threat","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/","title":{"rendered":"Targeted Ransomware No Longer a Future Threat"},"content":{"rendered":"<p><em>This post was written by Christiaan Beek and Andrew Furtak.<\/em><\/p>\n<p>In 2015, McAfee investigated a ransomware campaign that targeted the financial sector of a certain country. This was the first time we had observed ransomware targeting a particular sector. The infection vector in that case involved a phishing campaign directed at multiple financial institutions.<\/p>\n<p>During recent weeks, we have received information about a new campaign of targeted ransomware attacks. This time the attackers compromised an external-facing server and used that access to move around the victim\u2019s network. By separating functions that are usually present in ransomware, the adversaries attempted to avoid detection as much as possible.<\/p>\n<p>The stages of this attack included leveraging access to the external system to gain access to many other systems on the internal network. A series of scripts and tools deleted the volume shadow copies and unlock files that were in use, thereby maximizing the impact and thwarting attempts to restore data. Before the actual encryption started, the ransomware divided the candidate files into categories based on size and encrypted the smallest files first. We assume this was to maximize the number of impacted files, even if the process was shut down before it completed. After the files were encrypted, a ransom note was left on the desktop. The note demanded Bitcoins in exchange for the decryption tool and private key to decrypt each of the files.<\/p>\n<p>A more detailed account of our analysis (combining information from organizations across McAfee) can be found in the\u00a0technical report <em>Targeted Ransomware No Longer a Future Threat.<\/em><\/p>\n<h2>Need More Assistance?<\/h2>\n<p>This post and the linked technical report are intended to provide a summary of a current threat. If you need assistance, the McAfee Foundstone Services team offers a full range of incident response, strategic, and technical consulting services that can further help to ensure you identify security risks and build effective solutions to remediate security vulnerabilities.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This post was written by Christiaan Beek and Andrew Furtak. In 2015, McAfee investigated a ransomware campaign that targeted the&#8230;<\/p>\n","protected":false},"author":653,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[1814,76,338,180,18],"coauthors":[3576],"class_list":["post-47835","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-computer-security","tag-cybercrime","tag-endpoint-protection","tag-malware","tag-network-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Targeted Ransomware No Longer a Future Threat | McAfee Blog<\/title>\n<meta name=\"description\" content=\"This post was written by Christiaan Beek and Andrew Furtak. In 2015, McAfee investigated a ransomware campaign that targeted the financial sector of a\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Targeted Ransomware No Longer a Future Threat | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"This post was written by Christiaan Beek and Andrew Furtak. In 2015, McAfee investigated a ransomware campaign that targeted the financial sector of a\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-03-01T17:38:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-06T08:28:17+00:00\" \/>\n<meta name=\"author\" content=\"Christiaan Beek\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ChristiaanBeek\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christiaan Beek\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/\"},\"author\":{\"name\":\"Christiaan Beek\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79\"},\"headline\":\"Targeted Ransomware No Longer a Future Threat\",\"datePublished\":\"2016-03-01T17:38:04+00:00\",\"dateModified\":\"2025-06-06T08:28:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/\"},\"wordCount\":325,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"keywords\":[\"computer security\",\"cybercrime\",\"endpoint protection\",\"malware\",\"network security\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/\",\"name\":\"Targeted Ransomware No Longer a Future Threat | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"datePublished\":\"2016-03-01T17:38:04+00:00\",\"dateModified\":\"2025-06-06T08:28:17+00:00\",\"description\":\"This post was written by Christiaan Beek and Andrew Furtak. In 2015, McAfee investigated a ransomware campaign that targeted the financial sector of a\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Targeted Ransomware No Longer a Future Threat\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79\",\"name\":\"Christiaan Beek\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/09179574bcf76b6304ed08e621f59379\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png\",\"caption\":\"Christiaan Beek\"},\"description\":\"Christiaan Beek is the Lead Scientist &amp; Sr. Principal Engineer of the Enterprise Office of the CTO. He is leading the strategic threat intelligence research with a focus on inventing new technology, research techniques and models. Visionary and serving leadership is at the core of his day-to-day job, getting the best out of people and collaborate to make the (cyber) world safer and a better place. In previous roles, Beek was Director of Threat Intelligence in McAfee Labs and Director of Incident Response and Forensics at Foundstone, McAfee\u2019s forensic services arm. At Foundstone, he led a team of forensic specialists in Europe, the Middle East, and Africa during major breaches. Beek develops threat intelligence strategy, designs and envision threat intelligence systems and new research techniques. Christiaan speaks regularly at conferences, including BlackHat, RSA, BlueHat and Botconf. Besides contributed to the best-selling security book \\\"Hacking Exposed\\\", he wrote a comic book about Ransomware, is a contributor to the MITRE ATT&amp;CK framework and holds multiple patents.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/christiaanbeek\/\",\"https:\/\/x.com\/ChristiaanBeek\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/christiaan-beek\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Targeted Ransomware No Longer a Future Threat | McAfee Blog","description":"This post was written by Christiaan Beek and Andrew Furtak. In 2015, McAfee investigated a ransomware campaign that targeted the financial sector of a","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Targeted Ransomware No Longer a Future Threat | McAfee Blog","og_description":"This post was written by Christiaan Beek and Andrew Furtak. In 2015, McAfee investigated a ransomware campaign that targeted the financial sector of a","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2016-03-01T17:38:04+00:00","article_modified_time":"2025-06-06T08:28:17+00:00","author":"Christiaan Beek","twitter_card":"summary_large_image","twitter_creator":"@ChristiaanBeek","twitter_site":"@McAfee","twitter_misc":{"Written by":"Christiaan Beek","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/"},"author":{"name":"Christiaan Beek","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79"},"headline":"Targeted Ransomware No Longer a Future Threat","datePublished":"2016-03-01T17:38:04+00:00","dateModified":"2025-06-06T08:28:17+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/"},"wordCount":325,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"keywords":["computer security","cybercrime","endpoint protection","malware","network security"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/","name":"Targeted Ransomware No Longer a Future Threat | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"datePublished":"2016-03-01T17:38:04+00:00","dateModified":"2025-06-06T08:28:17+00:00","description":"This post was written by Christiaan Beek and Andrew Furtak. In 2015, McAfee investigated a ransomware campaign that targeted the financial sector of a","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-ransomware-no-longer-future-threat\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Targeted Ransomware No Longer a Future Threat"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79","name":"Christiaan Beek","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/09179574bcf76b6304ed08e621f59379","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png","caption":"Christiaan Beek"},"description":"Christiaan Beek is the Lead Scientist &amp; Sr. Principal Engineer of the Enterprise Office of the CTO. He is leading the strategic threat intelligence research with a focus on inventing new technology, research techniques and models. Visionary and serving leadership is at the core of his day-to-day job, getting the best out of people and collaborate to make the (cyber) world safer and a better place. In previous roles, Beek was Director of Threat Intelligence in McAfee Labs and Director of Incident Response and Forensics at Foundstone, McAfee\u2019s forensic services arm. At Foundstone, he led a team of forensic specialists in Europe, the Middle East, and Africa during major breaches. Beek develops threat intelligence strategy, designs and envision threat intelligence systems and new research techniques. Christiaan speaks regularly at conferences, including BlackHat, RSA, BlueHat and Botconf. Besides contributed to the best-selling security book \"Hacking Exposed\", he wrote a comic book about Ransomware, is a contributor to the MITRE ATT&amp;CK framework and holds multiple patents.","sameAs":["https:\/\/www.linkedin.com\/in\/christiaanbeek\/","https:\/\/x.com\/ChristiaanBeek"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/christiaan-beek\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/47835","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/653"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=47835"}],"version-history":[{"count":3,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/47835\/revisions"}],"predecessor-version":[{"id":215170,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/47835\/revisions\/215170"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=47835"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=47835"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=47835"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=47835"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}