SentinelOne VS CryLock Ransomware – Detect Mode

CryLock ransomware was born from the evolution of the Cryaki ransomware family. CryLock was recently opened up as an “affiliate program,” allowing enterprising criminals to profit from this aggressive ransomware family. The ransomware offers “partners” numerous options with regards to the delivery and behavior of the ransomware. Flexible encryption options (and variable routines) allow for the very fast, yet very strong transformation of affected files. Other options include network scanning for lateral movement and discovery, removal or deletion of Volume Shadow Copies, terminal and removal of processes that may interfere with the encryption process, and a “blacklisting” feature for both processes and files.
SentinelOne Endpoint Protection is capable of preventing CryLock infections, as well as detecting associated artifacts. SentinelOne’s patented Rollback feature can reverse any malicious system changes caused by CryLock infections.
#Infosec #ransomware #cybersecurity #epp #edr #DEMO