SentinelOne – How ransomware is trying to increase payout

The SentinelOne behavioral AI engine is aware of every operation on the device. SentinelOne can restore the endpoint to its pre-infection state without impacting other, benign activity on the endpoint. SentinelOne recovers registry keys (often used by malware for persistence), scheduled tasks, and other internal operating system functions. To achieve this, we use Microsoft’s Windows Volume Shadow Copy technology (VSS), which is natively integrated into all enterprise Microsoft operating systems. The agent protects VSS to ensure that no malicious activity can interfere with the ability to roll back.
