SentinelOne Demo: SentinelOne VS GAZPROM Ransomware – Protection

In this video, we demonstrate how SentinelOne detects and mitigates GAZPROM ransomware. GAZPROM Ransomware emerged in March 2023 with payloads based on re-used code from Conti ransomware. GAZPROM has also been referred to as “Gazprom Locker” and “Gazprom Reborn” in the context of their more recent campaigns. Given the name of the ransomware and some of its associated messaging, SentinelOne assesses there to be a geopolitical slant or motivation behind this threat actor and/or campaign.

GAZPROM ransomware operators do not discriminate when it comes to victimology outside of targeting enterprise and SMB environments. As of this writing, financial institutions have been targeted as have entities in the manufacturing and technology industries.

Initial access in GAZPROM campaigns is achieved via exploitation of publicly-facing and vulnerable applications and devices. Once established, the threat actors combine remote access tools (e.g., Anydesk) with frameworks like Cobalt Strike to further the attack into the target environment.

The SentinelOne Singularity XDR Platform can identify and stop any malicious activities and items related to GAZPROM ransomware and return systems to their original state using either the Quarantine or Repair.