SentinelOne Vs. "LockBit 2.0" Ransomware – Mitigation and Rollback

Описание: See how SentinelOne mitigates and rolls back LockBit 2.0 ransomware. LockBit 2.0 ransomware is the latest affiliate program operated by the “LockBit Gang”, operating since early 2020. The group touts strong and ‘unbeatable’ crypto, stating, “During two years none has managed to decrypt it.”

Modern variants of LockBit (2.0) can encrypt files regardless of online status (encryption works offline). Affiliates have complete control over their campaigns via an administrative panel hosted via TOR (.onion domain).

LockBit shares many features with other modern and successful ransomware families. These include:

Network detection and spreading via DFS/SMB/WebDav (aka whatever is available)
Automatic termination of processes that may interfere with the encryption or extraction processed (backup software, security agents/scanners)
Blocking the launch of processes that may lead to termination of the encryption
Removal of Shadow Copies
Clearing of logs, self-cleaning
Options for hidden or visible runtime modes
Spread to hosts w/ Wake-On-Lan
Interaction with networked Printers
Support for “all” versions of Windows

~~~Subscribe to our channels:~~~
Website: https://www.sentinelone.com/​​
LinkedIn:   / sent​​.  .
Twitter:   / sentinelone​​  
Facebook:   / ​​  
Instagram:   / ​​  
~~~~~~~~~~~~
SentinelOne is the only cybersecurity solution encompassing AI-powered prevention, detection, response, and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous platform. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle. To learn more visit www.sentinelone.com.