Owen Nearhoof

National Cyber-Forensics Training Alliance
Intelligence Analyst

Owen Nearhoof is an Intelligence Analyst at the National Cyber-Forensics and Training Alliance (NCFTA). His research topics include cyber threat intelligence, underground forums and marketplaces, moniker attribution, and event and nation state groups. He also serves as the dedicated analyst for an organization in the hospitality sector. He previously obtained his Bachelor of Science in Cyber Forensics and Information Security from Robert Morris University (Moon Township, PA).


In November 2019, Maze ransomware became the first ransomware variant to create a “shame site” (aka leak site, blog site) and threaten to post data stolen from a victim in an attempt to extort them into paying a ransom. Throughout 2020, several ransomware variants adopted this tactic and created their own shame sites, furthering the extortion of ransomware victims. As a result, approximately 11 percent of all ransomware attacks involve data theft. NCFTA will provide an overview of the ransomware variants currently leaking stolen data via shame sites.