CrowdStrike’s Adam Meyers on eCrime Actors’ Pivot to Ransomware

Sharon Holland

A recent article on Dark Reading by VP of Intelligence Adam Meyers at our partner Crowdstrike is titled “The Big E-Crime Pivot.” It puts forth the argument that cybercriminals “have begun to recognize that enterprise ransomware offers tremendous financial advantage over the more traditional tactics of wire fraud and account takeover.”

For those that don’t have time to read the full article, we have collated some of the highlights:

What is the Pivot?

“The concept of ‘the pivot’ well-understood by entrepreneurs, who often set out to build a business or technology and realize they need to shift their strategies. Visually, one foot remains firmly in place while the other turns to reorient the rest of the body. Typically, they don’t throw everything out the window and start over. Rather, they reimagine the way they can use the tools at their disposal.

“The same can be said about today’s sophisticated e-criminals, who are increasingly pivoting and reusing their existing technology for new ways to generate revenue.”


“Malware-as-a-service has been a prominent component of the e-crime ecosystem for the past decade.

“The e-criminals behind these malware platforms also built relationships with other e-criminals who specialize in spam, pay-per-install, and exploit kit development to optimize distribution.”

Big Game Hunting

“In recent months, e-criminals have begun to recognize that enterprise ransomware – what we call ‘big-game hunting’ – offers tremendous financial advantage over the more traditional e-crime tactics of wire fraud and account takeover. We touch on this trend in the ‘2019 CrowdStrike Global Threat Report.’

“The first indication of the shift to ransomware can be traced back to summer 2017, when INDRIK SPIDER, the adversary CrowdStrike associates with Dridex development, began to deploy BitPaymer in enterprisewide ransomware directed against the healthcare sector.

In March of this year, we reported on a change of tactics by PINCHY SPIDER, the actor behind the GandCrab ransomware that emerged in early 2018.”

How Do Organizations Respond?

“It is more important than ever that organizations and agencies have the right people, processes, technology, and intelligence to stay ahead of these threats.”

Read the entire article on Dark Reading, download the 2019 CrowdStrike Global Threat Report: “Adversary Tradecraft and the Importance of Speed.” or to see how we can help you incorporate intelligence on dangerous threat actors into your security strategy, please contact us or call us on 0845 625 9025.

This blog was first published on the Crowdstrike Blog on 18th June 2019.