{"id":91510,"date":"2018-09-17T21:01:37","date_gmt":"2018-09-18T04:01:37","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=91510"},"modified":"2024-02-19T20:33:41","modified_gmt":"2024-02-20T04:33:41","slug":"political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/","title":{"rendered":"Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware"},"content":{"rendered":"<p>Politics and <a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/security-awareness\/ransomware.html\">ransomware<\/a>. No, it\u2019s not a lost single from the Oasis back catalogue, but in fact a relatively recent tactic by ransomware developers looking to exploit the profiles of major politicians to install ransomware on victims\u2019 computers. Donald Trump, Angela Merkel, and now Barack Obama all serve as lures for the unsuspecting. Despite its claims, does the \u201cObama campaign\u201d deliver the ransomware it advertises? Well, perhaps not.<\/p>\n<h2>The Obama campaign<\/h2>\n<p>Recently identified by the <a href=\"https:\/\/malwarehunterteam.com\/\">MalwareHunterTeam<\/a> and <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/barack-obamas-blackmail-virus-ransomware-only-encrypts-exe-files\/\">documented by<\/a> Bleeping Computer, the Obama campaign displayed some confusing characteristics. For example, it encrypted only .exe files and asked for a tip to decrypt the files. This campaign does not behave like normal ransomware variants, which typically target user data files rather than .exe files.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-91513\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-1.png\" alt=\"\" width=\"690\" height=\"474\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-1.png 690w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-1-300x206.png 300w\" sizes=\"auto, (max-width: 690px) 100vw, 690px\" \/><\/a><\/p>\n<p>This unorthodoxy got us thinking: Was there a nation-state behind this campaign? At present, there is not enough evidence to confirm its source, although the language resources are in simplified Chinese. We discovered the following graph inside the ransomware:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-91514\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-2.png\" alt=\"\" width=\"64\" height=\"64\" \/><\/a><\/p>\n<p>As the MalwareHunterTeam documented, the ransomware attempts to kill processes associated with certain antimalware products:<\/p>\n<ul>\n<li>.rdata:004DAC80 0000001B C taskkill \/f \/im kavsvc.exe<\/li>\n<li>.rdata:004DAC9B 00000019 C taskkill \/f \/im KVXP.kxp<\/li>\n<li>.rdata:004DACB4 00000018 C taskkill \/f \/im Rav.exe<\/li>\n<li>.rdata:004DACCC 0000001B C taskkill \/f \/im Ravmon.exe<\/li>\n<li>.rdata:004DACE7 0000001D C taskkill \/f \/im Mcshield.exe<\/li>\n<li>.rdata:004DAD04 0000001D C taskkill \/f \/im VsTskMgr.exe<\/li>\n<li>.rdata:004DAD21 00000024 C SOFTWARE\\\\360Safe\\\\safemon\\\\ExecAccess<\/li>\n<li>.rdata:004DAD45 00000023 C SOFTWARE\\\\360Safe\\\\safemon\\\\MonAccess<\/li>\n<li>.rdata:004DAD68 00000024 C SOFTWARE\\\\360Safe\\\\safemon\\\\SiteAccess<\/li>\n<li>.rdata:004DAD8C 00000025 C SOFTWARE\\\\360Safe\\\\safemon\\\\UDiskAccess<\/li>\n<\/ul>\n<p>Note, however, that the access protection enabled within McAfee software prevented the termination of this process:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-91515\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-3.png\" alt=\"\" width=\"1180\" height=\"464\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-3.png 1180w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-3-300x118.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-3-768x302.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-3-1024x403.png 1024w\" sizes=\"auto, (max-width: 1180px) 100vw, 1180px\" \/><\/a><\/p>\n<p>These curiosities made us wonder about the purpose of the ransomware. Was this indeed ransomware and, if so, why encrypt only .exe files? Our initial suspicions were immediately confirmed when we found a cryptocurrency coin mining component within the malware. In fact, the miner sample was almost identical to the ransomware component, with almost 80% code reuse. These similarities are highlighted below.<\/p>\n<p>Executable extension search function:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-91516\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-4.png\" alt=\"\" width=\"592\" height=\"68\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-4.png 592w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-4-300x34.png 300w\" sizes=\"auto, (max-width: 592px) 100vw, 592px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-91517\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-5.png\" alt=\"\" width=\"971\" height=\"1593\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-5.png 971w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-5-183x300.png 183w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-5-768x1260.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-5-624x1024.png 624w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-5-305x500.png 305w\" sizes=\"auto, (max-width: 971px) 100vw, 971px\" \/><\/a><\/p>\n<p><em>Code flow in the \u201cObama campaign\u201d ransomware.<\/em><\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-6.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-91518\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-6.png\" alt=\"\" width=\"971\" height=\"1593\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-6.png 971w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-6-183x300.png 183w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-6-768x1260.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-6-624x1024.png 624w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-6-305x500.png 305w\" sizes=\"auto, (max-width: 971px) 100vw, 971px\" \/><\/a><\/p>\n<p><em>Code flow in the coin miner sample.<\/em><\/p>\n<p>We also found this URL pointing to an FTP server:<\/p>\n<ul>\n<li>FtpMoney812345 db &#8216;ftp:\/\/money8:12345678@xxxxxxxxxx.net\/88.txt<\/li>\n<\/ul>\n<h2>The Trump campaign<\/h2>\n<p>A ransomware campaign leveraging images of Donald Trump <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/the-donald-trump-ransomware-tries-to-build-walls-around-your-files\/\">has been previously documented.<\/a> Is it possible that the two politicians are aligned with the same cybercriminal group looking to exploit their profiles?<\/p>\n<p><strong>\u00a0<a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-7.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-91519\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-7.png\" alt=\"\" width=\"663\" height=\"406\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-7.png 663w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-7-300x184.png 300w\" sizes=\"auto, (max-width: 663px) 100vw, 663px\" \/><\/a><\/strong><strong>\u00a0<\/strong><\/p>\n<p>As previously reported, this variant was only a development version\u2014encrypting files with AES and using the following .encrypted extension:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-8.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-91520\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-8.png\" alt=\"\" width=\"596\" height=\"74\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-8.png 596w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-8-300x37.png 300w\" sizes=\"auto, (max-width: 596px) 100vw, 596px\" \/><\/a><\/p>\n<p>However, this ransomware can \u201cdecrypt\u201d the files if one clicks on an \u201cunlock files\u201d button.<\/p>\n<p>Code referencing decryption by button click:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-9.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-91521\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-9.png\" alt=\"\" width=\"740\" height=\"54\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-9.png 740w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-9-300x22.png 300w\" sizes=\"auto, (max-width: 740px) 100vw, 740px\" \/><\/a><\/p>\n<p>And for unlocking files:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-10.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-91522\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-10.png\" alt=\"\" width=\"881\" height=\"60\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-10.png 881w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-10-300x20.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-10-768x52.png 768w\" sizes=\"auto, (max-width: 881px) 100vw, 881px\" \/><\/a><\/p>\n<h2>The Angela Merkel campaign<strong>\u00a0<\/strong><\/h2>\n<p><strong>\u00a0<a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-11.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-91523\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-11.png\" alt=\"\" width=\"973\" height=\"481\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-11.png 973w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-11-300x148.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-11-768x380.png 768w\" sizes=\"auto, (max-width: 973px) 100vw, 973px\" \/><\/a><\/strong><\/p>\n<p>The use of Angela Merkel and her profile is new to the discussion. \u201cHer\u201d campaign encrypts files using the .angelamerkel extension. The original name of this ransomware was ChromeUpadter.exe; it also uses AES to encrypt files. It employs the Euro in its ransom demands. Perhaps a European figure evokes the Euro?<\/p>\n<p>This ransomware encrypts the following files:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-12.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-91524\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-12.png\" alt=\"\" width=\"897\" height=\"248\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-12.png 897w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-12-300x83.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/09\/20180918-ransomware-12-768x212.png 768w\" sizes=\"auto, (max-width: 897px) 100vw, 897px\" \/><\/a><\/p>\n<p>Malware developers are fond of exploiting famous names to lure unsuspecting victims. Although it would be simple to claim an increase in politically motivated ransomware, or rather ransomware that leverages the profiles of political figures, there is no significant evidence to suggest they are from the same threat actor. Equally, these campaigns might not even be ransomware, certainly in the case of the Obama campaign.<\/p>\n<p>Does this examination suggest three separate campaigns? There are some links and, no, they are not between Obama and Trump. The Trump and Merkel ransomware are 46% identical in code. We are left wondering whose campaign is the most successful. We shall see.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Politics and ransomware. No, it\u2019s not a lost single from the Oasis back catalogue, but in fact a relatively recent&#8230;<\/p>\n","protected":false},"author":653,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[5526,338,180,4549],"coauthors":[3576,1359],"class_list":["post-91510","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-advanced-threat-research","tag-endpoint-protection","tag-malware","tag-ransomware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Politics and ransomware. No, it\u2019s not a lost single from the Oasis back catalogue, but in fact a relatively recent tactic by ransomware developers looking\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Politics and ransomware. No, it\u2019s not a lost single from the Oasis back catalogue, but in fact a relatively recent tactic by ransomware developers looking\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2018-09-18T04:01:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-20T04:33:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-1.png\" \/>\n<meta name=\"author\" content=\"Christiaan Beek, Raj Samani\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ChristiaanBeek\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christiaan Beek, Raj Samani\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/\"},\"author\":{\"name\":\"Christiaan Beek\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79\"},\"headline\":\"Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware\",\"datePublished\":\"2018-09-18T04:01:37+00:00\",\"dateModified\":\"2024-02-20T04:33:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/\"},\"wordCount\":632,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-1.png\",\"keywords\":[\"Advanced Threat Research\",\"endpoint protection\",\"malware\",\"ransomware\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/\",\"name\":\"Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-1.png\",\"datePublished\":\"2018-09-18T04:01:37+00:00\",\"dateModified\":\"2024-02-20T04:33:41+00:00\",\"description\":\"Politics and ransomware. No, it\u2019s not a lost single from the Oasis back catalogue, but in fact a relatively recent tactic by ransomware developers looking\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-1.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-1.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79\",\"name\":\"Christiaan Beek\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/09179574bcf76b6304ed08e621f59379\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png\",\"caption\":\"Christiaan Beek\"},\"description\":\"Christiaan Beek is the Lead Scientist &amp; Sr. Principal Engineer of the Enterprise Office of the CTO. He is leading the strategic threat intelligence research with a focus on inventing new technology, research techniques and models. Visionary and serving leadership is at the core of his day-to-day job, getting the best out of people and collaborate to make the (cyber) world safer and a better place. In previous roles, Beek was Director of Threat Intelligence in McAfee Labs and Director of Incident Response and Forensics at Foundstone, McAfee\u2019s forensic services arm. At Foundstone, he led a team of forensic specialists in Europe, the Middle East, and Africa during major breaches. Beek develops threat intelligence strategy, designs and envision threat intelligence systems and new research techniques. Christiaan speaks regularly at conferences, including BlackHat, RSA, BlueHat and Botconf. Besides contributed to the best-selling security book \\\"Hacking Exposed\\\", he wrote a comic book about Ransomware, is a contributor to the MITRE ATT&amp;CK framework and holds multiple patents.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/christiaanbeek\/\",\"https:\/\/x.com\/ChristiaanBeek\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/christiaan-beek\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware | McAfee Blog","description":"Politics and ransomware. No, it\u2019s not a lost single from the Oasis back catalogue, but in fact a relatively recent tactic by ransomware developers looking","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware | McAfee Blog","og_description":"Politics and ransomware. No, it\u2019s not a lost single from the Oasis back catalogue, but in fact a relatively recent tactic by ransomware developers looking","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2018-09-18T04:01:37+00:00","article_modified_time":"2024-02-20T04:33:41+00:00","og_image":[{"url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-1.png","type":"","width":"","height":""}],"author":"Christiaan Beek, Raj Samani","twitter_card":"summary_large_image","twitter_creator":"@ChristiaanBeek","twitter_site":"@McAfee","twitter_misc":{"Written by":"Christiaan Beek, Raj Samani","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/"},"author":{"name":"Christiaan Beek","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79"},"headline":"Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware","datePublished":"2018-09-18T04:01:37+00:00","dateModified":"2024-02-20T04:33:41+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/"},"wordCount":632,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-1.png","keywords":["Advanced Threat Research","endpoint protection","malware","ransomware"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/","name":"Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-1.png","datePublished":"2018-09-18T04:01:37+00:00","dateModified":"2024-02-20T04:33:41+00:00","description":"Politics and ransomware. No, it\u2019s not a lost single from the Oasis back catalogue, but in fact a relatively recent tactic by ransomware developers looking","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-1.png","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/09\/20180918-ransomware-1.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79","name":"Christiaan Beek","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/09179574bcf76b6304ed08e621f59379","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png","caption":"Christiaan Beek"},"description":"Christiaan Beek is the Lead Scientist &amp; Sr. Principal Engineer of the Enterprise Office of the CTO. He is leading the strategic threat intelligence research with a focus on inventing new technology, research techniques and models. Visionary and serving leadership is at the core of his day-to-day job, getting the best out of people and collaborate to make the (cyber) world safer and a better place. In previous roles, Beek was Director of Threat Intelligence in McAfee Labs and Director of Incident Response and Forensics at Foundstone, McAfee\u2019s forensic services arm. At Foundstone, he led a team of forensic specialists in Europe, the Middle East, and Africa during major breaches. Beek develops threat intelligence strategy, designs and envision threat intelligence systems and new research techniques. Christiaan speaks regularly at conferences, including BlackHat, RSA, BlueHat and Botconf. Besides contributed to the best-selling security book \"Hacking Exposed\", he wrote a comic book about Ransomware, is a contributor to the MITRE ATT&amp;CK framework and holds multiple patents.","sameAs":["https:\/\/www.linkedin.com\/in\/christiaanbeek\/","https:\/\/x.com\/ChristiaanBeek"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/christiaan-beek\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/91510","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/653"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=91510"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/91510\/revisions"}],"predecessor-version":[{"id":183123,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/91510\/revisions\/183123"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=91510"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=91510"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=91510"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=91510"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}