CrowdStrike’s Adam Meyers, Vice President of Intelligence, Participates in Congressional Hearing on Ransomware
Meyers Provided Testimony to Senate Subcommittee on Crime and Terrorism
Irvine, CA – May 19, 2016 – CrowdStrike Inc., a leader in cloud-delivered next-generation endpoint protection, threat intelligence and response services, today announced that Adam Meyers, vice president of Intelligence for CrowdStrike, participated in a Congressional hearing on ransomware on Wednesday, May 18th, 2016. The hearing, entitled “Ransomware: Understanding the Threat and Exploring Solutions,” was conducted by the Senate Judiciary Committee’s Subcommittee on Crime and Terrorism, and was chaired by Senator Lindsey Graham (R-South Carolina). Full video of the hearing can be viewed at the following link.
Meyers provided testimony regarding the history of ransomware, the types of ransomware attacks, the economics of ransomware, and how to block the attacks.
The following highlights were included in the testimony submitted by Meyers to the Committee:
- “The distribution of ransomware relies on other elements of the criminal ecosystem/ services such as pay-per-install botnets, loaders, exploit kits, and spam botnets are used to distribute the ransomware for the attacker.”
- “Threat actors have likely taken note that victims such as hospitals have paid ransoms in the tens of thousands of dollars in order to recover their data, prompting them to look for other victims who provide critical services to target.”
- “Ransomware frequently uses a technique known as domain generation algorithms (DGA) to avoid network-based countermeasures. A DGA creates a dynamic command and control domain based off of an algorithm developed by the attackers. This ensures that if their ransomware is identified and analyzed, an organization cannot simply block the command and control host, which is constantly changing.”
- “Through detailed analysis of this DGA, organizations can predict which domains may be used by the ransomware in the future and proactively block them, preventing the ransomware from negotiating the cryptographic key. While this level of analysis is not plausible for every organization, it can provide the most effective defense against these threats.”
- “Through my team’s own research, we observed as one niche player in three months made $73,000 from their ransomware campaign, and they appear to only be getting started. The attraction for attackers to use ransomware is obvious—it provides huge payoff with little investment.”
The hearing followed a number of high profile ransomware incidents in the United States, particularly targeted at health care, education, and local government agencies.
Adam Meyers’ complete testimony can be found at the following link on the Web site for the Senate Judiciary Committee. More information about how CrowdStrike can help customers stop ransomware can be found at the following blog.
CrowdStrike is the leader in next-generation endpoint protection, threat intelligence and response services. CrowdStrike’s core technology, the Falcon platform, stops breaches by preventing and responding to all types of attacks – both malware and malware-free.
CrowdStrike has revolutionized endpoint protection by combining three crucial elements: next-generation AV, endpoint detection and response (EDR), and a 24/7 managed hunting service — all powered by intelligence and uniquely delivered via the cloud in a single integrated solution. Falcon uses the patented CrowdStrike Threat Graph™ to analyze and correlate billions of events in real time, providing complete protection and five-second visibility across all endpoints. Many of the world’s largest organizations already put their trust in CrowdStrike, including three of the 10 largest global companies by revenue, five of the 10 largest financial institutions, three of the top 10 health care providers, and three of the top 10 energy companies. CrowdStrike Falcon is currently deployed in more than 170 countries.
We Stop Breaches. Learn more: www.crowdstrike.com