Get a Demo
Platform
Why SentinelOne?
Services
Partners
Resources
About
Pricing
Get a Demo
Back to Resources

SentinelOne Vs. BlackByte Ransomware – Mitigation and Rollback

Video
SentinelOne Vs. BlackByte Ransomware – Mitigation and Rollback

Watch how SentinelOne mitigates and rolls back BlackByte. BlackByte’s highly-obfuscated JS Loader is delivered via multiple methods (watering hole, exploit kit, other malware/frameworks). The obfuscated JavaScript is typically used to prep the victim for further activity (ex: facilitating the modification of firewall rules for exfiltration) as well as receiving/decoding the main payload (encryptor) for execution. The JS Loader modifies various services and system components that may inhibit the encryption process. This includes the disabling of VSS / Volume Shadow Copies as well as disabling MSQL services.

The Loader also targets the Raccine security product specifically, attempting to shut down or circumvent components of that product. BlackByte ransomware started gaining greater visibility in August of 2021, with the unveiling of their victim “data auction”/blog site.

Watch Now
Related Resources
Video
RSAC 2025: Join SentinelOne
Video
Is DeepSeek a Cybersecurity Threat? SentinelOne’s Alex Stamos Answers.
Video
SentinelOne and Aston Martin F1 Team
Video
LABScon24 Replay | Resilience and Protection in the Windows Ecosystem | Weston & Zetter

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform harnesses the power of data and AI to protect your organization now and into the future.

Request a Demo