
SentinelOne Vs. Delta Ransomware – Kill and Quarantine

See how SentinelOne protects against Delta ransomware. Delta (aka AsupQue) is a recently discovered commodity ransomware family. It rapidly encrypts all files on local disks, then instructs the victim to contact the attacker via email. Besides encrypting data, Delta attempts to disrupt recovery by destroying Volume Shadow Copies (via vssadmin). The malware also launches numerous wevtutil.exe processes to tamper with Windows Event/System Logs and ETW tracing. The ransom note is written as an .HTA file and placed in every folder containing encrypted files. To date, all samples analyzed require administrative/elevated privileges to execute and encrypt, though the malware does appear to ‘attempt’ some level of UAC bypass.
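
Detection logic for the recovery and log tampering described above, as an added example that is not SentinelOne's detection logic or part of the original page: it flags a host where a vssadmin shadow-copy deletion appears alongside a burst of wevtutil.exe launches. The events, command-line arguments, time window and threshold are constructed assumptions; the page names only the binaries.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SYS32 = "C:\\Windows\\System32\\"
# Constructed process-creation events: (host, time, image path, command line).
# Arguments and log names are assumptions; the page names only the binaries.
EVENTS = (
    [("ws01", "2023-01-10T09:00:00", SYS32 + "vssadmin.exe",
      "vssadmin delete shadows /all /quiet")]
    + [("ws01", f"2023-01-10T09:00:{s:02d}", SYS32 + "wevtutil.exe",
        f"wevtutil cl SampleLog{s}") for s in range(1, 7)]
    # ws02: routine admin queries that must not alert
    + [("ws02", "2023-01-10T10:00:00", SYS32 + "vssadmin.exe", "vssadmin list shadows"),
       ("ws02", "2023-01-10T10:05:00", SYS32 + "wevtutil.exe", "wevtutil el")]
)

WINDOW = timedelta(seconds=60)  # assumed burst window
BURST = 5                       # assumed count that qualifies as "numerous"


def detect(events, window=WINDOW, burst=BURST):
    """Return {host: sorted finding names} for hosts showing the behaviours."""
    findings = defaultdict(set)
    wevt_times = defaultdict(list)
    for host, ts, image, cmdline in events:
        name = image.lower().rsplit("\\", 1)[-1]
        args = cmdline.lower().split()
        if name == "vssadmin.exe" and "delete" in args and "shadows" in args:
            findings[host].add("shadow_copy_deletion")
        elif name == "wevtutil.exe":
            wevt_times[host].append(datetime.fromisoformat(ts))
    for host, times in wevt_times.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over launch times
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= burst:
                findings[host].add("wevtutil_burst")
                break
    for found in findings.values():
        # Both behaviours on one host: shadow copies and logs hit together.
        if {"shadow_copy_deletion", "wevtutil_burst"} <= found:
            found.add("recovery_and_log_tampering")
    return {host: sorted(found) for host, found in findings.items()}


if __name__ == "__main__":
    for host, found in detect(EVENTS).items():
        print(host, found)
```

Counting launches rather than matching wevtutil arguments keeps the rule tied to what the page reports; tune the window and threshold against the host's normal administrative activity.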

