{"id":48034,"date":"2016-03-07T16:16:17","date_gmt":"2016-03-08T00:16:17","guid":{"rendered":"https:\/\/blogs.mcafee.com\/?p=48034"},"modified":"2025-06-02T18:59:32","modified_gmt":"2025-06-03T01:59:32","slug":"locky-ransomware-rampage-javascript-downloader","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/","title":{"rendered":"Locky Ransomware on Rampage With JavaScript Downloader"},"content":{"rendered":"

Locky is a ransomware family that encrypts victims’ files and demands money to decrypt the files. It has infected many computers in a short time due to a\u00a0huge spam campaign.<\/p>\n

Propagation vector\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/strong><\/h2>\n

Locky ransomware propagates onto victims’ systems through a\u00a0widespread spam campaign using an attached Microsoft Word document with maliciously crafted macros. Recently, however, the malware has shifted to an attached, obfuscated\u00a0JavaScript file. On execution it downloads\u00a0Locky ransomware\u00a0and installs on the victim\u2019s computer.<\/p>\n

We believe the change to JavaScript is to evade antimalware products due to its obfuscation and small size, which suggests the file is benign. At McAfee Labs we examined one of the JavaScript examples:<\/p>\n

\"mailcontent\"<\/p>\n

After extracting the file, we saw\u00a0an obfuscated JavaScript whose content looks benign. After deobfuscation, however, we found Locky ransomware:<\/p>\n

\"Javascriptcontent\"<\/p>\n

 <\/p>\n

Analysis<\/strong><\/h2>\n

The downloaded Locky ransomware is compressed and uses a PLib-depack function for decompression. It employs the Wow64DisableWow64FsRedirection function to disable file system redirection for the calling thread.<\/p>\n

On execution, the malware\u00a0checks whether the operating system is Russian:<\/p>\n

\"langcheck\"<\/p>\n

If the system operating system is Russian, the malware deletes itself. Otherwise it starts the infection of the victim’s machine by adding the Locky footprint in HKCU\\Software\\Locky:<\/p>\n

\"Lockyregkey1\"<\/p>\n

Locky calls the GetVolumeNameForVolumeMountPoint function and retrieves a volume\u00a0GUID\u00a0path for the volume that is associated with the specified volume mount point. From the retrieved data, using Microsoft’s cryptographic function API, the malware calculates the MD5 hash:<\/p>\n

\"MD5hashalog\"<\/p>\n

Later, Locky retrieves system information such as OS name, service pack, OS, language, and unique ID.<\/p>\n

\"sysdatab4encryp\"<\/p>\n

 <\/p>\n

Control server communications<\/strong><\/h2>\n

The collected system information is encrypted with the following encryption code:<\/p>\n

\"sysdataafterencryp\"<\/p>\n

After the system information is encrypted, it is posted to attacker\u2019s control server.<\/p>\n

\"C2post\"<\/p>\n

The control servers are hardcoded in this sample:<\/p>\n

    \n
  • 31[dot]41[dot]47[dot]37<\/li>\n
  • 188[dot]138[dot]88[dot]184<\/li>\n
  • 91[dot]121[dot]97[dot]170<\/li>\n
  • 5[dot]34[dot]183[dot]136<\/li>\n<\/ul>\n

    The replies from the control server are decrypted\u00a0by the malware with the following\u00a0decryption code:<\/p>\n

    \"inbouddecrytion\"<\/p>\n

    After successful infection the malware stores user ID, ransom note and RSA public key, and completed value name under the Locky registry key:<\/p>\n

    \"lockyregkey2\"<\/p>\n

    Encrypted file types\u00a0<\/strong><\/h2>\n

    The malware searches and encrypts the victim\u2019s files with the following\u00a0file extensions and renames them with .locky.<\/p>\n

    \"filetypeencryption\"<\/p>\n

    Ransomware notice\u00a0<\/strong><\/h2>\n

    After file encryption, the malware changes the desktop background to the recovery-instruction image, which clearly states the procedure to get the private key and\u00a0decrypt\u00a0the files.<\/p>\n

    \"notice\"<\/p>\n

    On following the link to get private key, the victim lands on the payment procedure page, and can buy the Locky decryptor:<\/p>\n

    \"lockydecyptor\"<\/p>\n

    Detection coverage<\/strong><\/h2>\n

    All McAfee products detect the JavaScript and downloaded Locky file as malicious.<\/p>\n

    \"filedetection1\"\"filedetection2\"<\/p>\n

     <\/p>\n

    Sample MD5s:<\/p>\n

      \n
    • 2C01D031623AADA362D9CC9C7573B6AB<\/li>\n
    • 3F118D0B888430AB9F58FC2589207988<\/li>\n<\/ul>\n

      Update March 8: Locky is not the ransomware associated with<\/em>\u00a0<\/em>the recent\u00a0well-publicized attack on a Southern California hospital.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

      Locky is a ransomware family that encrypts victims’ files and demands money to decrypt the files. It has infected many…<\/p>\n","protected":false},"author":778,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[],"coauthors":[4625],"class_list":["post-48034","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs"],"acf":[],"yoast_head":"\nLocky Ransomware on Rampage With JavaScript Downloader | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Locky is a ransomware family that encrypts victims' files and demands money to decrypt the files. It has infected many computers in a short time due to\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Locky Ransomware on Rampage With JavaScript Downloader | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Locky is a ransomware family that encrypts victims' files and demands money to decrypt the files. It has infected many computers in a short time due to\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-03-08T00:16:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-03T01:59:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/mailcontent.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"923\" \/>\n\t<meta property=\"og:image:height\" content=\"431\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Venkatachalabathy SR\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Venkatachalabathy SR\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/\"},\"author\":{\"name\":\"Venkatachalabathy SR\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/832c3283bb8214bccb2045dbd551ed10\"},\"headline\":\"Locky Ransomware on Rampage With JavaScript Downloader\",\"datePublished\":\"2016-03-08T00:16:17+00:00\",\"dateModified\":\"2025-06-03T01:59:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/\"},\"wordCount\":478,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/mailcontent.jpg\",\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/\",\"name\":\"Locky Ransomware on Rampage With JavaScript Downloader | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/mailcontent.jpg\",\"datePublished\":\"2016-03-08T00:16:17+00:00\",\"dateModified\":\"2025-06-03T01:59:32+00:00\",\"description\":\"Locky is a ransomware family that encrypts victims' files and demands money to decrypt the files. It has infected many computers in a short time due to\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/mailcontent.jpg\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/mailcontent.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Locky Ransomware on Rampage With JavaScript Downloader\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/832c3283bb8214bccb2045dbd551ed10\",\"name\":\"Venkatachalabathy SR\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/40fba9eed4e7ca8b46ae4d78bd0cb396\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/618b5040c0ddc676e560d01eda1a6ea3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/618b5040c0ddc676e560d01eda1a6ea3?s=96&d=mm&r=g\",\"caption\":\"Venkatachalabathy SR\"},\"description\":\"Venkatachalabathy is a Security Researcher with McAfee. He has more than eleven years of work experience in anti-virus industry and specializes in reverse engineering. His focus is to work on Prevalent and Advance Persistent Threats. His personal interest includes reading new paper and listening to music .\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/venkatachalabathy-sr-grem-certified-37199b14\/\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/venkatachalabathy-sr\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Locky Ransomware on Rampage With JavaScript Downloader | McAfee Blog","description":"Locky is a ransomware family that encrypts victims' files and demands money to decrypt the files. It has infected many computers in a short time due to","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Locky Ransomware on Rampage With JavaScript Downloader | McAfee Blog","og_description":"Locky is a ransomware family that encrypts victims' files and demands money to decrypt the files. It has infected many computers in a short time due to","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2016-03-08T00:16:17+00:00","article_modified_time":"2025-06-03T01:59:32+00:00","og_image":[{"width":923,"height":431,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/mailcontent.jpg","type":"image\/jpeg"}],"author":"Venkatachalabathy SR","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"Venkatachalabathy SR","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/"},"author":{"name":"Venkatachalabathy SR","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/832c3283bb8214bccb2045dbd551ed10"},"headline":"Locky Ransomware on Rampage With JavaScript Downloader","datePublished":"2016-03-08T00:16:17+00:00","dateModified":"2025-06-03T01:59:32+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/"},"wordCount":478,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/mailcontent.jpg","articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/","name":"Locky Ransomware on Rampage With JavaScript Downloader | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/mailcontent.jpg","datePublished":"2016-03-08T00:16:17+00:00","dateModified":"2025-06-03T01:59:32+00:00","description":"Locky is a ransomware family that encrypts victims' files and demands money to decrypt the files. It has infected many computers in a short time due to","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/mailcontent.jpg","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/mailcontent.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-rampage-javascript-downloader\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Locky Ransomware on Rampage With JavaScript Downloader"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/832c3283bb8214bccb2045dbd551ed10","name":"Venkatachalabathy SR","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/40fba9eed4e7ca8b46ae4d78bd0cb396","url":"https:\/\/secure.gravatar.com\/avatar\/618b5040c0ddc676e560d01eda1a6ea3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/618b5040c0ddc676e560d01eda1a6ea3?s=96&d=mm&r=g","caption":"Venkatachalabathy SR"},"description":"Venkatachalabathy is a Security Researcher with McAfee. He has more than eleven years of work experience in anti-virus industry and specializes in reverse engineering. His focus is to work on Prevalent and Advance Persistent Threats. His personal interest includes reading new paper and listening to music .","sameAs":["https:\/\/www.linkedin.com\/in\/venkatachalabathy-sr-grem-certified-37199b14\/"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/venkatachalabathy-sr\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/48034","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/778"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=48034"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/48034\/revisions"}],"predecessor-version":[{"id":214922,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/48034\/revisions\/214922"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=48034"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=48034"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=48034"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=48034"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}