🇺🇦 SentinelOne vs PartyTicket – Ukraine Crisis Response

On February 24th, 2022, Symantec researchers pointed to a new Go ransomware being used as a decoy alongside the deployment of HermeticWiper. During our analysis we decided to name it PartyTicket based on some of the strings used by the malware developers.

As often happens to unskilled Go developers, the malware has poor control over its concurrent threads and the commands it attempts to run. This leads to hundreds of threads and events spawned in our consoles. That is to say, it’s very loud and ineffective ransomware that should fire alerts left and right.

SentinelOne customers are protected from this threat, no action is needed.

#ransomware #cybersecurity #endpointprotection #endpointsecurity #infosec #Ukraine #macos