Ransomware Demo: SentinelOne vs. Good Day Ransomware – Detection and Mitigation

In this video, we show SentinelOne’s ability to detect, mitigate, and roll back Good Day ransomware. First observed in May 2023, Good Day ransomware is a member of the ARCrypter family. This variant’s name derives from the message displayed to victims when they visit the threat actor’s victim portal, a TOR-based website.

ARCrypter is associated with notable attacks against the Chilean government. Other variants include ChileLocker and REDALERT ransomware. Good Day ransomware payloads masquerade as valid updates for the Windows OS (ex: n211p1a1hs1_win_x64_v1a.exe). Initial delivery methods of Good Day payloads are phishing email with links to the masqueraded payload.

There is not currently a public victim blog /website for Good Day ransomware. Instaed, victims are required to engage the threat actor via a TOR-based portal for instructions on ‘recovering their data.’

Watch the demo to understand how SentinelOne’s advanced threat detection and prevention capabilities can protect your systems against threats like Good Day. For more technical insights and cybersecurity updates, subscribe to our channel.