SentinelOne Demo: SentinelOne VS BlackSuit Ransomware – Detection and Mitigation
In this video demonstration, see how the SentinelOne Singularity XDR Platform protects against BlackSuit ransomware, a multi-pronged extortion threat that emerged in early 2023.
BlackSuit attackers encrypt and exfiltrate victim data, threatening to host the content on public data leak sites if victims don’t meet their demands. The ransomware group is known for significant attacks against entities in the health-care sector, along with other critical industries including education.
BlackSuit is a private ransomware operation, with no public affiliates. Its payloads share many technical similarities with Royal ransomware payloads, including similar command-line parameters. BlackSuit payloads support both Windows and Linux operating systems and are delivered via phishing email or third-party frameworks such as Empire, Metasploit, and Cobalt Strike. Malicious torrent files have also been observed as a delivery vector for BlackSuit ransomware.
The SentinelOne Singularity XDR Platform detects and prevents malicious behaviors and artifacts associated with BlackSuit ransomware.