
SentinelOne Vs. BlueSky Ransomware – Prevention, Detection, and Rollback

Watch how SentinelOne prevents and detects BlueSky ransomware. BlueSky ransomware emerged (as a family) in July of 2022. At present, BlueSky does not host a public blog containing victim names and relevant leaked (and stolen) data.

Initial delivery can vary across operators. BlueSky infects devices through trojanized downloads from websites hosting “cracks” and “keygens”, and through email-based attachments.

BlueSky operators require victims to contact them via a TOR-based support portal for assistance in obtaining the decrypter for their campaign. Upon infection, BlueSky rapidly processes files on the target host. The ransomware can move laterally via SMB and has been observed doing so in Active Directory environments. Encrypted files are marked with the “.bluesky” extension.
