SentinelOne Demo: SentinelOne VS NoEscape Ransomware – Detection and Response

In this video, we demonstrate how SentinelOne protects against NoEscape Ransomware. Emerging in May 2023, NoEscape functions as a RaaS (Ransomware as a Service). Its developers claim to have built the NoEscape malware and supporting infrastructure from scratch, notably opting not to incorporate source code (or leaks) from other known ransomware families.

NoEscape is a multi-extortion operation, hosting a TOR-based blog to list victims and host any exfiltrated data should the victim fail to comply to the attackers’ demands.

NoEscape ransomware payloads support multiple encryption modes (full vs. fast vs. strong) along with leveraging RSA and ChaCHA20 for the specific file encryption. Other features include process termination, safe-mode operation, spreading and encryption over SMB or DFS, and the use of the Widows Restart Manager to work around any processes which may inhibit the encryption process..

SentinelOne Singularity™ Endpoint is capable of detecting and preventing malicious behaviors and artifacts associated with NoEscape ransomware.