Get Started
Platform
Why SentinelOne?
Services
Partners
Resources
About
Pricing
Get Started
Back to Resources

SentinelOne Vs. BlackByte – Kill and Quarantine

Video
SentinelOne Vs. BlackByte – Kill and Quarantine

Watch how SentinelOne kills and quarantines BlackByte. BlackByte’s highly-obfuscated JS Loader is delivered via multiple methods (watering hole, exploit kit, other malware/frameworks). The obfuscated JavaScript is typically used to prep the victim for further activity (ex: facilitating the modification of firewall rules for exfiltration) as well as receiving/decoding the main payload (encryptor) for execution. The JS Loader modifies various services and system components that may inhibit the encryption process. This includes the disabling of VSS / Volume Shadow Copies as well as disabling MSQL services.

The Loader also targets the Raccine security product specifically, attempting to shut down or circumvent components of that product. BlackByte ransomware started gaining greater visibility in August of 2021, with the unveiling of their victim “data auction”/blog site.

Watch Now
Related Resources
Video
SentinelOne PartnerOne – America’s 2025
Video
Just a Sec: Cybersecurity Unfiltered—Fast, Frank, and From the Front Lines
Video
LABScon24 Replay | A Walking Red Flag (With Yellow Stars) | Cary & Benincasa
Video
LABScon24 Replay | Kryptina RaaS: From Unsellable Cast-off to Enterprise Ransomware | Jim Walter

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform harnesses the power of data and AI to protect your organization now and into the future.

Request a Demo