SentinelOne VS Zeon Ransomware – Detection, Response and Remediation

Zeon ransomware is a Python-based malware that was first reported in January 2022. The ransomware is packaged using PyInstaller and obfuscated using PyArmor, and is a predecessor to the Royal ransomware operation. Zeon’s operators threaten victims with the public exposure of their internal data in ransom notes, stating that they will publish the data on their news website if the victim does not comply.

On execution, Zeon ransomware payloads attempt to stop any services or processes that could inhibit the encryption process, including backup processes, utilities, and security products from McAfee, Sophos, and Kaspersky. The ransomware uses both taskkill.exe and net.exe to terminate these processes.

To achieve persistence, Zeon generates and executes a scheduled task via cmd.exe. SentinelOne Singularity XDR protects against Zeon ransomware attacks.
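The two behaviours described above (a run of taskkill.exe / net.exe stop commands, then a scheduled task created through cmd.exe) can be hunted for in process-creation telemetry. The following is an added example, not SentinelOne's detection logic or code from the original page; the event fields, thresholds, all sample names, and the use of schtasks.exe as the task-creation tool are assumptions.

```python
import re
from collections import defaultdict

# Constructed process-creation events (simplified fields; all names are made up).
EVENTS = [
    {"t": 100, "host": "ws01", "ppid": 4120, "image": "taskkill.exe", "cmd": "taskkill /F /IM backupsvc-example.exe"},
    {"t": 101, "host": "ws01", "ppid": 4120, "image": "net.exe", "cmd": 'net stop "AvVendorA Agent" /y'},
    {"t": 103, "host": "ws01", "ppid": 4120, "image": "net.exe", "cmd": "net stop AvVendorB /y"},
    {"t": 104, "host": "ws01", "ppid": 4120, "image": "taskkill.exe", "cmd": "taskkill /F /IM avvendorc.exe"},
    {"t": 110, "host": "ws01", "ppid": 4120, "image": "cmd.exe", "cmd": "cmd.exe /c schtasks /create /tn ExampleTask /tr C:\\Example\\example.exe /sc onlogon"},
    {"t": 500, "host": "ws02", "ppid": 880, "image": "net.exe", "cmd": "net stop spooler"},
    {"t": 9000, "host": "ws02", "ppid": 912, "image": "taskkill.exe", "cmd": "taskkill /IM notepad.exe"},
]
KILL_RE = re.compile(r"/im\s+(\S+)", re.I)
NET_STOP_RE = re.compile(r'\bstop\s+("[^"]+"|\S+)', re.I)
TASK_RE = re.compile(r"\bschtasks(\.exe)?\b.*?/create\b", re.I)  # assumed task-creation tool

def stop_target(ev):
    """Return the process or service a taskkill / net stop command targets, else None."""
    rx = {"taskkill.exe": KILL_RE, "net.exe": NET_STOP_RE, "net1.exe": NET_STOP_RE}.get(ev["image"].lower())
    m = rx.search(ev["cmd"]) if rx else None
    return m.group(1).strip('"').lower() if m else None

def find_stop_bursts(events, window=60, min_targets=3):
    """Map (host, parent pid) -> targets when one parent stops >= min_targets distinct items in `window` s."""
    by_parent = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["t"]):
        target = stop_target(ev)
        if target:
            by_parent[(ev["host"], ev["ppid"])].append((ev["t"], target))
    bursts = {}
    for key, hits in by_parent.items():
        for i, (start, _) in enumerate(hits):
            # Distinct targets stopped within the window that opens at this hit.
            targets = {tg for t, tg in hits[i:] if t - start <= window}
            if len(targets) >= min_targets:
                bursts[key] = sorted(targets)
                break
    return bursts

def find_task_creation(events):
    """Events where cmd.exe launches scheduled-task creation."""
    return [e for e in events if e["image"].lower() == "cmd.exe" and TASK_RE.search(e["cmd"])]

def correlate(events):
    """Hosts showing both a stop burst and cmd.exe-driven task creation."""
    burst_hosts = {host for host, _ in find_stop_bursts(events)}
    return sorted(burst_hosts & {e["host"] for e in find_task_creation(events)})
```

The window and target threshold need tuning against legitimate administrative scripts that stop several services in sequence.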

#Zeon #ransomware
