{"id":82945,"date":"2017-12-17T21:02:37","date_gmt":"2017-12-18T05:02:37","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=82945"},"modified":"2025-06-02T19:00:56","modified_gmt":"2025-06-03T02:00:56","slug":"looking-into-the-world-of-ransomware-actors-reveals-some-surprises","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/","title":{"rendered":"Looking Into the World of Ransomware Actors Reveals Some Surprises"},"content":{"rendered":"

During the preparations for our keynotes at McAfee\u2019s recent MPOWER conference,<\/a> we brainstormed a few topics we wanted to share with the audience. Ransomware was definitely on our agenda, but so much has already been said and written on the subject. What could we add that would be interesting?<\/p>\n

We hit on the angle: to dive into this shady world and learn about the people behind these campaigns. There are several ways to approach this. We could go into forums and look for the individuals who discuss these campaigns or offer ransomware for sale. But that would be very time consuming and the chance of finding the right individuals would be small. There is a better way.<\/p>\n

In most samples of ransomware, once they malware executes and files are encrypted, the \u201cransom note\u201d appears. Either a background drop or a text file contains the details. During 2017 we saw many of these notes contain an email address for questions or for payment details and releasing files.<\/p>\n

Example:<\/p>\n

\"\"<\/a><\/p>\n

We looked at three months of unique ransomware samples and extracted either the images or the notes that contained the contact addresses. As new ransomware families popped up in our tracker, we verified them and added the addresses\u2014because these fresh attacks made it likely the authors would interact with us.<\/p>\n

But how could convince the actors to answer our questions? We took the role of students working on a master thesis and asked the actors if they would be willing to answer a few questions. For a couple of weeks we lived the role of students, eating lots of pizza, drinking sodas, and so on. (You have to live the role, right?)<\/p>\n

We sent our emails and queried the actors who responded. One of our first observations was that of all the emails we retrieved, about 30 percent were either fake or nonexistent. So in these cases when files were encrypted and the victim decided to pay, using email to send evidence of payment was useless. The money was gone (as well as the files).<\/p>\n

During the first week of our research we received answers back from some of the actors, but most were not willing to cooperate. That\u2019s no surprise: They were cautious about revealing their identity.<\/p>\n

During the second week, we had better luck and started to chat with a few. That number grew, and after a few weeks we had a great collection of conversations with the actors.<\/p>\n

\u201cFast, easy, and safe\u201d<\/strong><\/h2>\n

When we asked why they started a career in ransomware, most answered with variations on \u201cenough money\u201d and \u201cfast, easy, and safe,\u201d especially when using anonymous email services and cryptocurrency for payments.<\/p>\n

Homemade vs. Off the Shelf<\/strong><\/h2>\n

Most of the actors we spoke with wrote their own ransomware. They had looked at the published source code but were clever enough to come up with their own variants that contained new techniques or different approaches to keep detections low. The longer they stayed out of sight of endpoint security solutions, the longer was their opportunity to make money.<\/p>\n

Spending Their Ill-Gotten Gains<\/strong><\/h2>\n

They spend the revenue they gained from their campaigns in various manners: travel, cars. One had many affiliates working for him so he was soon going to buy a house. One of the most surprising answers was that one turned to ransomware to \u201cpay off his debts.\u201d<\/p>\n

Willing to Negotiate <\/strong><\/h2>\n

Although they often have the image of being ruthless, almost all of them claimed a willingness to negotiate the ransom price in case victims could not afford to pay the demanded amount.<\/p>\n

Tracking the Authors<\/strong><\/h2>\n

One of the actors so enthusiastic he wanted to sell us ransomware code so we could pay off our college debts. Based on his answers and sharing of information, we noticed that he was not a very experienced actor and he gave clues on his whereabouts. In one of the conversations, he shared some examples, but the data was not scrubbed. By correlating the data he provided with other information, such as email time zones and mistakes in his English, we traced him to Dakar, Senegal. He not only sends ransomware but also sells botnets and other fraud-related services.<\/p>\n

We found the research eye opening. Now we just need a few weeks in the gym to work off all the sodas and pizzas.<\/p>\n

For those suffering from a ransomware attack, you have three options. The first two are bad: lose your files, or pay the ransom and hope (with no guarantee) for a key to unlock your files. The best option is to start with a visit to NoMoreRansom.org<\/a> to see if a decryption tool is available.<\/p>\n

Meanwhile, remember the standard advice on reducing your risk of picking up ransomware: Keep your OS, security, and application software up to date; exercise a healthy dose of skepticism even when you see messages that appear to come from legitimate sources; and do not click on links or open files from unknown names or organizations.<\/p>\n

 <\/p>\n

Learn more about the threat statistics we gathered in Q3, including ransomware in the McAfee Labs Threats Report, December 2017<\/a> and follow the team on Twitter at @McAfee_Labs<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

During the preparations for our keynotes at McAfee\u2019s recent MPOWER conference, we brainstormed a few topics we wanted to share…<\/p>\n","protected":false},"author":653,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[76,4452,338,4140,4549],"coauthors":[3576],"class_list":["post-82945","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-cybercrime","tag-cybersecurity","tag-endpoint-protection","tag-quarterly-threats-report","tag-ransomware"],"acf":[],"yoast_head":"\nLooking Into the World of Ransomware Actors Reveals Some Surprises<\/title>\n<meta name=\"description\" content=\"In preparation for our MPOWER keynotes, we brainstormed a few topics we wanted to share with the audience. Ransomware was on our agenda.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Looking Into the World of Ransomware Actors Reveals Some Surprises\" \/>\n<meta property=\"og:description\" content=\"In preparation for our MPOWER keynotes, we brainstormed a few topics we wanted to share with the audience. Ransomware was on our agenda.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2017-12-18T05:02:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-03T02:00:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/12\/20171206-ransomware-actors-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1466\" \/>\n\t<meta property=\"og:image:height\" content=\"258\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Christiaan Beek\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ChristiaanBeek\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christiaan Beek\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/\"},\"author\":{\"name\":\"Christiaan Beek\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79\"},\"headline\":\"Looking Into the World of Ransomware Actors Reveals Some Surprises\",\"datePublished\":\"2017-12-18T05:02:37+00:00\",\"dateModified\":\"2025-06-03T02:00:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/\"},\"wordCount\":871,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-ransomware-actors-1.png\",\"keywords\":[\"cybercrime\",\"cybersecurity\",\"endpoint protection\",\"Quarterly Threats Report\",\"ransomware\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/\",\"name\":\"Looking Into the World of Ransomware Actors Reveals Some Surprises\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-ransomware-actors-1.png\",\"datePublished\":\"2017-12-18T05:02:37+00:00\",\"dateModified\":\"2025-06-03T02:00:56+00:00\",\"description\":\"In preparation for our MPOWER keynotes, we brainstormed a few topics we wanted to share with the audience. Ransomware was on our agenda.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-ransomware-actors-1.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-ransomware-actors-1.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Looking Into the World of Ransomware Actors Reveals Some Surprises\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79\",\"name\":\"Christiaan Beek\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/09179574bcf76b6304ed08e621f59379\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png\",\"caption\":\"Christiaan Beek\"},\"description\":\"Christiaan Beek is the Lead Scientist & Sr. Principal Engineer of the Enterprise Office of the CTO. He is leading the strategic threat intelligence research with a focus on inventing new technology, research techniques and models. Visionary and serving leadership is at the core of his day-to-day job, getting the best out of people and collaborate to make the (cyber) world safer and a better place. In previous roles, Beek was Director of Threat Intelligence in McAfee Labs and Director of Incident Response and Forensics at Foundstone, McAfee\u2019s forensic services arm. At Foundstone, he led a team of forensic specialists in Europe, the Middle East, and Africa during major breaches. Beek develops threat intelligence strategy, designs and envision threat intelligence systems and new research techniques. Christiaan speaks regularly at conferences, including BlackHat, RSA, BlueHat and Botconf. Besides contributed to the best-selling security book \\\"Hacking Exposed\\\", he wrote a comic book about Ransomware, is a contributor to the MITRE ATT&CK framework and holds multiple patents.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/christiaanbeek\/\",\"https:\/\/x.com\/ChristiaanBeek\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/christiaan-beek\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Looking Into the World of Ransomware Actors Reveals Some Surprises","description":"In preparation for our MPOWER keynotes, we brainstormed a few topics we wanted to share with the audience. Ransomware was on our agenda.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Looking Into the World of Ransomware Actors Reveals Some Surprises","og_description":"In preparation for our MPOWER keynotes, we brainstormed a few topics we wanted to share with the audience. Ransomware was on our agenda.","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2017-12-18T05:02:37+00:00","article_modified_time":"2025-06-03T02:00:56+00:00","og_image":[{"width":1466,"height":258,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/12\/20171206-ransomware-actors-1.png","type":"image\/png"}],"author":"Christiaan Beek","twitter_card":"summary_large_image","twitter_creator":"@ChristiaanBeek","twitter_site":"@McAfee","twitter_misc":{"Written by":"Christiaan Beek","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/"},"author":{"name":"Christiaan Beek","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79"},"headline":"Looking Into the World of Ransomware Actors Reveals Some Surprises","datePublished":"2017-12-18T05:02:37+00:00","dateModified":"2025-06-03T02:00:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/"},"wordCount":871,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-ransomware-actors-1.png","keywords":["cybercrime","cybersecurity","endpoint protection","Quarterly Threats Report","ransomware"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/","name":"Looking Into the World of Ransomware Actors Reveals Some Surprises","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-ransomware-actors-1.png","datePublished":"2017-12-18T05:02:37+00:00","dateModified":"2025-06-03T02:00:56+00:00","description":"In preparation for our MPOWER keynotes, we brainstormed a few topics we wanted to share with the audience. Ransomware was on our agenda.","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-ransomware-actors-1.png","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-ransomware-actors-1.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/looking-into-the-world-of-ransomware-actors-reveals-some-surprises\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Looking Into the World of Ransomware Actors Reveals Some Surprises"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79","name":"Christiaan Beek","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/09179574bcf76b6304ed08e621f59379","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png","caption":"Christiaan Beek"},"description":"Christiaan Beek is the Lead Scientist & Sr. Principal Engineer of the Enterprise Office of the CTO. He is leading the strategic threat intelligence research with a focus on inventing new technology, research techniques and models. Visionary and serving leadership is at the core of his day-to-day job, getting the best out of people and collaborate to make the (cyber) world safer and a better place. In previous roles, Beek was Director of Threat Intelligence in McAfee Labs and Director of Incident Response and Forensics at Foundstone, McAfee\u2019s forensic services arm. At Foundstone, he led a team of forensic specialists in Europe, the Middle East, and Africa during major breaches. Beek develops threat intelligence strategy, designs and envision threat intelligence systems and new research techniques. Christiaan speaks regularly at conferences, including BlackHat, RSA, BlueHat and Botconf. Besides contributed to the best-selling security book \"Hacking Exposed\", he wrote a comic book about Ransomware, is a contributor to the MITRE ATT&CK framework and holds multiple patents.","sameAs":["https:\/\/www.linkedin.com\/in\/christiaanbeek\/","https:\/\/x.com\/ChristiaanBeek"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/christiaan-beek\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/82945","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/653"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=82945"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/82945\/revisions"}],"predecessor-version":[{"id":214923,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/82945\/revisions\/214923"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=82945"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=82945"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=82945"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=82945"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}