1월 13, 2022
SentinelOne Vs. TellYouThePass Ransomware – Kill and Quarantine
⚔️See how SentinelOne kills and quarantines TellYouThePass Ransomware. TellYouThePass is a commodity ransomware family that has origins dating back to 2019. The family reemerged in parallel with the exploration of Apache (Log4j) vulnerabilities. Once this vulnerability (and PoC exploit code) was disclosed, we began to see widespread "scanning" (aka reconnaissance) for exposed devices that may be vulnerable to the related exploits.
In the recent emergence, the observed samples are written in Go (Golang). This allows the actors and affiliates a quick and efficient route to code which affects multiple platforms. Currently, there are Linux and Windows versions of TellYouThePass in the wild, with macOS variants soon to follow.
Upon execution, TellYouThePass will gather system information, as well as attempt to terminate any process or service which might inhibit the encryption process. The samples observed (Windows) perform all these tasks in visible cmd windows, and they do little to nothing, to hide their activity on the systems. Local file and folder enumeration, as well as local volume discovery, is also rudimentary and "not-stealth."
#tellyoutopass #ransomware #infosec #cybersecurity #log4j #endpointprotection #endpointsecurity
관련 리소스
데이터시트
Singularity™ Complete AI 지원 엔드포인트와 클라우드 보안
점점 더 복잡해지는 보안 아키텍처와 데이터 소스, 제한된 리소스, 더욱 정교해지는 공격에 직면한 보안 팀은 AI 지원 공격 세례에 대비하느라…
지금 읽기
Resource
SentinelOne PartnerOne - America's 2025
⛳️ Last week in Pebble Beach the America's best cybersecurity partners came together for our annual PartnerOne summit. Check out…
View Asset