Deploying Ransomware: SentinelOne and Microsoft Defender Analysis


Did Someone Say Ransomware?

In this article, I will be deploying some basic ransomware and viewing the results in SentinelOne and Microsoft Defender.

Downloading the Ransomware

I wanted a very safe test ransomware for this project, so I chose one that ships with both an Encryptor and a Decryptor, so encrypted files can be recovered after the test:

For an even safer deployment, you can edit the code to:

DELETE_ALL_ORIGINALS = false; 

This leaves every original file untouched and unencrypted, while still writing an encrypted copy of each file alongside it.

For this demo:

DELETE_ALL_ORIGINALS = true;

Deploying the Ransomware

To run the ransomware, make sure the "Unblock" checkbox in the Security section of the Encryter.resx file's Properties is checked, otherwise Windows will refuse to load the downloaded resource file.

Open in Visual Studio .NET

Clean Solution

Build Solution

Run!

Video Demo

Analysis

With SentinelOne and Microsoft Defender enabled, the ransomware was successfully detected and blocked before it could execute.
