Trace Id is missing
Skip to main content
Microsoft Security

Expert profile: Emily Hacker

A woman is standing in front of a colorful background.

Emily Hacker did not expect to become a threat intelligence analyst at Microsoft after studying journalism in college. Her first job in cybersecurity was as a technical writer at an oil and gas firm. “I was editing intelligence reports, intelligence presentations, and helping with incident metrics. Over the course of that first year, I became absolutely enthralled with the work that intelligence analysts do.”

Emily’s work at Microsoft began in 2020 as an analyst for Microsoft Defender for Endpoint and Microsoft Defender for Office. One of the focus areas for these teams is to protect customers from threats associated with ransomware. Emily is directly involved in many of the investigations that built Microsoft’s knowledge of the RaaS economy and the access broker/operator/affiliate relationship, actively hunting for evidence of pre-ransomware signals.

“Following trends and techniques used by RaaS operators and their affiliates in the pre-ransom phase of an incident is critical to protecting customers from these types of threats” she said. “My job is to spot these pre-ransomware actors as early as possible. If you are only looking for the ransomware payload, itself – you’re too late.”

To stay on top of the changing RaaS landscape, Emily and her team use a combination of automated systems and human analysis to analyze, escalate and act on logs, alerts, and other activity in real-time. Emily’s team helps anticipate, pre-empt, and respond to different incidents on the front lines of customers’ networks, while also contributing to MSTIC’s ever-growing assessment of ransomware-linked actor tools, motives, and strategies.

When it comes to a ransomware incident, the stakes can be incredibly high. Ransomware operators are known to target critically important networks related to education, transportation, healthcare, or telecommunications systems. When these networks are affected, the results can be catastrophic.

“The work we do at Microsoft to track and prevent ransomware incidents is important because we’re protecting not just our customers, but their customers as well,” Hacker said. “Identifying the tools and techniques associated with ransomware and pre-ransomware incidents as early as possible is critical when these incidents have potentially wide-reaching consequences on companies, their employees, and their customers.”

Related articles

Cyber Signals: Issue 2

Over 80 percent of ransomware attacks can be traced to common configuration errors in software and devices.

Expert profile: Nick Carr

Learn about Nick Carr's expertise in cybersecurity and his strategies for protecting your business from external threats.

Three ways to protect yourself from ransomware

Modern ransomware defense requires a lot more than just setting up detection measures. Discover three ways you can harden your network’s security against ransomware.