
SentinelOne Vs. REvil Ransomware – Protect Mode

The latest media reports suggest that the REvil ransomware family is behind the recent attack on JBS. The ransomware attack affected operations in North America and Australia, igniting fears of product shortages and price increases. The REvil group has been in operation (in its current form) since mid-2019. Their ransomware is distributed via multiple methods, including Exploit Kits, exploitation, and partnerships with other malware ‘frameworks’.
The SentinelOne Endpoint Protection Platform is capable of preventing and detecting REvil and all related malicious artifacts. Since launch, REvil has been available through multiple ‘underground forums’. There is some evidence to support ties between REvil / the REvil Gang and Ukrainian and Russian actors. There are also indications that they work with other ransomware groups, and may have even based some of their code on GandCrab.

#ransomware #REvil #cybersecurity #infosec #endpointprotection
