Get a Demo
Platform
Why SentinelOne?
Services
Partners
Resources
About
Pricing
Get a Demo
Back to Resources

SentinelOne Vs. “LockBit 2.0” Ransomware – Kill and Quaratine

Video
SentinelOne Vs. “LockBit 2.0” Ransomware – Kill and Quaratine

See how SentinelOne kills and quarantines LockBit 2.0 ransomware. LockBit 2.0 ransomware is the latest affiliate program operated by the “LockBit Gang”, operating since early 2020. The group touts strong and ‘unbeatable’ crypto, stating, “During two years none has managed to decrypt it.”

Modern variants of LockBit (2.0) can encrypt files regardless of online status (encryption works offline). Affiliates have complete control over their campaigns via an administrative panel hosted via TOR (.onion domain).

LockBit shares many features with other modern and successful ransomware families. These include:

– Network detection and spreading via DFS/SMB/WebDav (aka whatever is available)
– Automatic termination of processes that may interfere with the encryption or extraction processed (backup software, security agents/scanners)
– Blocking the launch of processes that may lead to termination of the encryption
– Removal of Shadow Copies
– Clearing of logs, self-cleaning
– Options for hidden or visible runtime modes
– Spread to hosts w/ Wake-On-Lan
– Interaction with networked Printers
– Support for “all” versions of Windows

Watch Now
Related Resources
Video
LABScon24 Replay | Kryptina RaaS: From Unsellable Cast-off to Enterprise Ransomware | Jim Walter
Video
RSAC 2025: Join SentinelOne
Video
Is DeepSeek a Cybersecurity Threat? SentinelOne’s Alex Stamos Answers.
Video
SentinelOne and Aston Martin F1 Team

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform harnesses the power of data and AI to protect your organization now and into the future.

Request a Demo