Deploying Ransomware: SentinelOne and Microsoft Defender Analysis
Did Someone Say Ransomware?
In this article, I will be deploying some basic ransomware and viewing the results in SentinelOne and Microsoft Defender.
Downloading the Ransomware
I wanted a very safe test ransomware for this project, hence I used one with an Encryptor and Decryptor:
For an even safer deployment, you can edit the code to:
DELETE_ALL_ORIGINALS = false;
This leaves all the original files unencrypted, and you will also have an encrypted copy of each file.
For this demo:
DELETE_ALL_ORIGINALS = true;
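An added example, not part of the original post or of the ransomware project: a Python check that hashes a test folder before and after a run to confirm what the DELETE_ALL_ORIGINALS setting actually did to it. The file names, the ".enc" suffix and the random-bytes stand-in for an encrypted copy are constructed for illustration, and the entropy figure is only a heuristic for "looks encrypted".

```python
import hashlib, math, os, tempfile
from collections import Counter

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def compare(before, after):
    """Classify every path seen in either snapshot."""
    return {
        "unchanged": sorted(p for p in before if after.get(p) == before[p]),
        "modified": sorted(p for p in before if p in after and after[p] != before[p]),
        "deleted": sorted(p for p in before if p not in after),
        "new": sorted(p for p in after if p not in before),
    }

def demo():
    """Constructed stand-in for a test run with DELETE_ALL_ORIGINALS = false."""
    with tempfile.TemporaryDirectory() as root:
        original = os.path.join(root, "report.txt")
        with open(original, "wb") as fh:
            fh.write(b"quarterly numbers\n" * 200)
        before = snapshot(root)
        # Simulated encrypted copy: random bytes, hypothetical ".enc" suffix.
        copy = original + ".enc"
        with open(copy, "wb") as fh:
            fh.write(os.urandom(4096))
        result = compare(before, snapshot(root))
        with open(copy, "rb") as fh:
            result["new_entropy"] = entropy(fh.read())
        with open(original, "rb") as fh:
            result["original_entropy"] = entropy(fh.read())
        return result

if __name__ == "__main__":
    print(demo())
```

In a real test, call snapshot() on the target folder before the run and again afterwards: with the safer setting every original should land in "unchanged", while with the demo setting the originals should show up under "deleted".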
Deploying the Ransomware
To run the ransomware, make sure the “Unblock” checkbox under Security in the Encryter.resx file properties is checked!
Open in Visual Studio .NET
Clean Solution
Build Solution
Run!
Video Demo
Analysis
With SentinelOne and Microsoft Defender enabled, the ransomware was successfully detected and blocked from executing.