SentinelOne Vs. BlackCat Ransomware – Kill and Quarantine

⚔️ See how SentinelOne kills and quarantines BlackCat ransomware. BlackCat (aka AlphaVM, AlphaV) is a newly established RaaS (Ransomware as a Service) with payloads written in Rust. Current data indicates that BlackCat is primarily delivered via a third-party framework/toolset (Cobalt Strike) or via exposed (and vulnerable) applications.

BlackCat currently supports both Windows and Linux operating systems. Samples analyzed to date require an “access token” to be supplied as a parameter upon execution. This is similar to threats like Egregor, and is often used as an anti-analysis tactic. In addition, BlackCat (on Windows) will attempt to delete VSS (Volume Shadow Copies), as well as enumerate local/accessible drives to affect eligible files. Extensions on encrypted files can vary across samples. Infected users are instructed to connect to the attackers’ payment/support portal (via TOR).
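The two behaviours described above (a process launched with an access-token argument, followed by shadow copy deletion) can be correlated in process-creation telemetry. The following is an added example, not SentinelOne's detection logic or code from this page; the event fields, the `--access-token` parameter name and the sample events are assumptions constructed for illustration.

```python
import re

# Well-known Windows commands that delete Volume Shadow Copies. The page names
# the behaviour only; these command forms are an assumption of this example.
VSS_DELETE = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
]
# Assumed name of the "access token" argument; adjust to what your telemetry shows.
TOKEN_ARG = re.compile(r"--access-token[=\s]+\S+", re.I)

def is_vss_delete(cmdline):
    return any(p.search(cmdline) for p in VSS_DELETE)

def correlate(events, window=300):
    """Alert on shadow copy deletion; raise severity when the deleting process
    descends from one started with a token argument within `window` seconds."""
    tracked = {}  # (host, pid) -> (root image, root start time)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["pid"])
        parent = tracked.get((ev["host"], ev["ppid"]))
        if TOKEN_ARG.search(ev["cmdline"]):
            tracked[key] = (ev["image"], ev["ts"])
        elif parent and ev["ts"] - parent[1] <= window:
            tracked[key] = parent  # child inherits the token-launched root
        if is_vss_delete(ev["cmdline"]):
            root = tracked.get(key)
            alerts.append({
                "host": ev["host"], "ts": ev["ts"],
                "severity": "high" if root else "medium",
                "root_image": root[0] if root else None,
            })
    return alerts

# Constructed process-creation events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"ts": 100, "host": "ws01", "pid": 4100, "ppid": 900,
     "image": r"C:\Users\Public\upd.exe", "cmdline": "upd.exe --access-token PLACEHOLDER"},
    {"ts": 102, "host": "ws01", "pid": 4200, "ppid": 4100,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": 'cmd.exe /c "vssadmin.exe delete shadows /all /quiet"'},
    {"ts": 500, "host": "srv02", "pid": 700, "ppid": 650,
     "image": r"C:\Windows\System32\wbem\WMIC.exe", "cmdline": "wmic shadowcopy delete"},
    {"ts": 510, "host": "srv02", "pid": 710, "ppid": 650,
     "image": r"C:\Windows\System32\vssadmin.exe", "cmdline": "vssadmin list shadows"},
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Shadow copy deletion on its own is reported at medium severity because backup tooling can trigger it legitimately; the token-launched ancestry is what raises it to high.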

#blackcat #cybersecurity #RaaS #ransomware #endpointsecurity #endpointprotection #XDR
