
SentinelOne Vs. Marlock Ransomware – Kill and Quarantine

⚔️ See how SentinelOne kills and quarantines Marlock ransomware. Marlock was first seen in the wild in September of 2021 and is an apparent evolution of Medusa Locker and the various branches of that family. As currently analyzed, it’s functionally identical to recent samples of both Medusa and Huylock.

Upon infection, victims are instructed to connect to the attacker’s payment portal (.onion) via TOR. Like its predecessors, Marlock attempts to shut down or terminate any process that may stand in the way of encryption, and it attempts to inhibit system recovery by deleting VSS shadow copies (via WMIC).
