
The CrowdStrike Falcon platform has once again delivered a perfect score in the SE Labs October 2025 Enterprise Advanced Security (EDR) Ransomware test: 100% detection accuracy, 100% protection accuracy, 100% legitimate accuracy, and 100% total accuracy — with zero false positives.
Ransomware remains an urgent threat: In the CrowdStrike 2025 State of Ransomware Survey, 78% of the global security leaders surveyed said their organizations had suffered a ransomware attack in the previous year. Despite half of respondents believing they were “very well-prepared” for a ransomware attack, just 22% of those organizations recovered from an attack within 24 hours. Average downtime costs were $1.7 million USD per incident, 93% of victim organizations that paid the ransom reported their data being stolen anyway, and 83% of them were subject to repeat attacks. As ransomware attacks continue, a strong defense is critical.
The Falcon platform detected and stopped every threat in this rigorous test, which featured 649 malware files, simulated attacks by 11 known adversarial groups, use of full attack chains, and both direct and deep attack scenarios. In addition, it provided full visibility into every stage of a simulated attack. In recognition of its performance, the Falcon platform was awarded SE Labs’ AAA Award for Advanced Security EDR Protection, marking the fourth straight year CrowdStrike has achieved this certification.
Simon Edwards, Founder and CEO of SE Labs, describes the significance of Falcon’s 100% score:
"CrowdStrike has again performed admirably in the largest, most technically challenging and advanced ransomware test. A 100% score is an outstanding achievement rarely seen in the many tests that we run against many products in the industry. The realism of the test emphasizes the real-world strength of CrowdStrike Falcon."
The Falcon platform’s perfect 100% score comes after CrowdStrike was recognized with a series of awards at last summer’s 2025 SE Labs Security Awards ceremony, including wins for Enterprise Endpoint (Windows) and Enterprise Ransomware. CrowdStrike Falcon® Go collected the 2025 SE Labs Award for Small Business New Endpoint.
How SE Labs Tested Against Ransomware Attacks
SE Labs tested the Falcon platform by employing the tactics, techniques, and procedures (TTPs) used by real-world adversaries against protected systems. The evaluation simulated a range of sophisticated ransomware attacks from the start of the attack chain through to conclusion, with the goal of stealing, encrypting, and/or destroying data on the target computers.
In total, 649 ransomware files were used during the test. In order to evaluate the effectiveness of the Falcon platform against both known and novel threats, roughly one-third of the malicious files were the originals seen in the field. The remainder consisted of unique variants previously unknown to cybersecurity researchers. Attacks were modeled based on the observed behaviors of the 11 adversaries listed below, including ransomware-as-a-service (RaaS) providers:
- Akira (PUNK SPIDER)
- Babuk
- BlackBasta (WANDERING SPIDER)
- Chaos
- DragonForce
- Fog
- LockBit (BITWISE SPIDER)
- Medusa (FROZEN SPIDER)
- Phobos
- Sodinokibi
- Trigona
SE Labs employed both direct attacks and deep attacks.
During direct attacks, testers send ransomware payloads (both known and unknown files from prevalent ransomware families) directly to the target PCs using real-world methods, such as phishing emails. The cybersecurity solution is then awarded points based on how effectively it addresses the threats. Blocking the attack is worth the most points, with additional points awarded for detection, neutralization, and remediation. The Falcon platform detected and blocked or disabled all 649 ransomware files to earn a perfect 100% protection score.
Deep attacks assess a product’s effectiveness in detecting an attack and tracking it through every stage of a complete adversary kill chain: delivery/execution, action, privilege escalation, and lateral movement. Detection is critical. If a threat slips by initial defenses, detection with visibility into an attack enables the security team to reduce dwell time and address the threat before damage is done. To evaluate effectiveness, SE Labs testers disabled the protection capabilities on target PCs, then determined a security solution’s ability to detect and track an attack through all stages, including lateral movements through the network, with the ultimate goal of having complete real-time visibility into an attack.
The Falcon platform achieved a 100% detection score because it not only detected the ransomware, it also provided detailed insight into every step of the attack. As SE Labs points out: “This level of visibility would be a significant advantage for a security professional who is battling a persistent attacker in real time.”
False positives — when a security system incorrectly identifies a legitimate application or website as suspicious or malware — are costly. They require SOC analysts to investigate, which takes time away from dealing with real threats. They also have the potential to disrupt workflow. SE Labs reports that the Falcon platform scored 100% in legitimate accuracy, meaning it produced zero false positives and zero non-optimal classifications (where a file is flagged as suspicious and requires the user to make the decision of whether it is safe or not).
CrowdStrike's Advanced Technology Crushes Ransomware
The Falcon platform leverages advanced technologies to defend against ransomware attacks, powered by insights from CrowdStrike Counter Adversary Operations and Falcon Complete Next-Gen MDR teams, and informed by trillions of weekly security events.
The Falcon platform blocks suspicious processes through behavior-based, AI-powered indicators of attack (IOAs) and advanced machine learning. Its enhanced IOA detections accurately identify malicious behavior while avoiding disruption of legitimate applications. CrowdStrike uses cloud-based machine learning and deep neural networks to quickly identify and predict new attack patterns with greater accuracy, with new IOAs constantly expanding the Falcon platform’s defensive capabilities.
Windows Server Message Block (SMB) ransomware often evades traditional security systems through remote attacks, which avoid process-based detection. The Falcon platform offers File System Containment (through its CrowdStrike Falcon® Prevent subscription), a feature that automatically blocks malicious activity at the file access level and stops external SMB attacks originating from outside the protected environment.
The platform's Volume Shadow Copy Service (VSS) backup protection preserves shadow copies by preventing attackers from tampering with or deleting backups, enabling swift system recovery if ransomware compromises an endpoint.
These relentless advancements are a key reason why the Falcon platform has delivered 100% protection against ransomware every year since SE Labs ran its first ransomware test in 2022 — even as adversaries have become more sophisticated and determined.
The Falcon platform's perfect performance in SE Labs' most challenging ransomware test to date, with 100% detection accuracy, 100% protection accuracy, 100% legitimate accuracy, and 100% total accuracy scores, proves that even the most advanced ransomware attacks are no match for its AI-powered capabilities.
CrowdStrike’s Focus on Innovation and Technical Leadership
CrowdStrike continually innovates, with investment in research and technology that maintains our industry leadership and protects our customers from cybersecurity threats. Advanced technology such as machine learning models, VSS protection, AI-powered IOAs, and File System Containment ensures the Falcon platform stays a step ahead of increasingly sophisticated adversaries.
We continue to support the efforts of third-party testing organizations such as SE Labs, with a firm belief that their independent evaluations of cybersecurity products are invaluable. Comprehensive, realistic assessments such as SE Labs’ Enterprise Advanced Security (EDR) Ransomware test are an important and unbiased resource for the security professionals who make buying decisions for their organizations. We are confident that participation in public testing serves as a showcase for the CrowdStrike Falcon platform’s formidable capabilities and pioneering use of AI, including the agentic SOC.
Test results and the feedback of third-party testers also help companies like CrowdStrike to further improve our products. Our participation ensures the best gets even better with every challenge.