SentinelOne Vs. Pandora Ransomware – Detection, Prevention, Mitigation, and Rollback

⚔️ See how SentinelOne detects, prevents, mitigates, and rolls back the Pandora ransomware family. Pandora first emerged in March of 2022, and current intelligence indicates that the ‘family’ is a “rebrand” of Rook ransomware. Pandora, like Rook, is typically delivered via a third-party framework (e.g., Cobalt Strike). When executed, Pandora will also display one (or more) visible CMD windows, which is also similar to Rook. The group rose to prominence upon the launch of their TOR-based victim blog, which mirrors the common format. That is to say, Pandora is still a multi-pronged extortion outfit, carrying out ransomware attacks in addition to public leakage of data should the victims fail to ‘comply’. As of this writing, there are four victims listed on Pandora’s site, including multiple major Japanese corporations.

#cybersecurity #pandoraransomware #ransomware #infosec #RookRansomware
