Get a Demo
Platform
Why SentinelOne?
Services
Partners
Resources
About
Pricing
Get a Demo
Back to Resources

SentinelOne Vs. TellYouThePass Ransomware – Kill and Quarantine

Video
SentinelOne Vs. TellYouThePass Ransomware – Kill and Quarantine

⚔️See how SentinelOne kills and quarantines TellYouThePass Ransomware. TellYouThePass is a commodity ransomware family that has origins dating back to 2019. The family reemerged in parallel with the exploration of Apache (Log4j) vulnerabilities. Once this vulnerability (and PoC exploit code) was disclosed, we began to see widespread “scanning” (aka reconnaissance) for exposed devices that may be vulnerable to the related exploits.

In the recent emergence, the observed samples are written in Go (Golang). This allows the actors and affiliates a quick and efficient route to code which affects multiple platforms. Currently, there are Linux and Windows versions of TellYouThePass in the wild, with macOS variants soon to follow.

Upon execution, TellYouThePass will gather system information, as well as attempt to terminate any process or service which might inhibit the encryption process. The samples observed (Windows) perform all these tasks in visible cmd windows, and they do little to nothing, to hide their activity on the systems. Local file and folder enumeration, as well as local volume discovery, is also rudimentary and “not-stealth.”

#tellyoutopass #ransomware #infosec #cybersecurity #log4j #endpointprotection #endpointsecurity

Watch Now
Ransomware
Related Resources
Video
RSAC 2025: Join SentinelOne
Video
Is DeepSeek a Cybersecurity Threat? SentinelOne’s Alex Stamos Answers.
Video
SentinelOne and Aston Martin F1 Team
Video
LABScon24 Replay | Resilience and Protection in the Windows Ecosystem | Weston & Zetter

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform harnesses the power of data and AI to protect your organization now and into the future.

Request a Demo