SentinelOne VS Zeon Ransomware – Detection, Response and Remediation

Zeon ransomware is a Python-based malware that was first reported in January 2022. The ransomware is packaged using PyInstaller and obfuscated using PyArmor, and is a predecessor to the Royal ransomware operation. In their ransom notes, Zeon’s operators threaten victims with public exposure of their internal data, stating that they will publish the data on their news website if the victim does not comply.

On execution, Zeon ransomware payloads attempt to stop any services or processes that could inhibit the encryption process, including backup processes, utilities, and security products from McAfee, Sophos, and Kaspersky. The ransomware uses both taskkill.exe and net.exe to terminate these processes.

To achieve persistence, Zeon generates and executes a scheduled task via cmd.exe. SentinelOne Singularity XDR protects against Zeon ransomware attacks.
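The behaviours described above can be hunted for in process-creation telemetry. The following is an added example, not SentinelOne's detection logic: it flags hosts where a taskkill.exe or net.exe stop against security or backup software co-occurs with scheduled-task creation through cmd.exe. The event field names, the use of `schtasks /create`, and all sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Keywords from the write-up: McAfee, Sophos, Kaspersky, backup tooling.
TARGETS = re.compile(r"mcafee|sophos|kaspersky|backup", re.I)
# Assumption: task creation appears as "schtasks /create"; the write-up names only cmd.exe.
TASK_CREATE = re.compile(r"\bschtasks(\.exe)?\b.*\s/create\b", re.I)

def classify(event):
    """Return the name of the rule a process-creation event matches, or None."""
    image = ntpath.basename(event["image"]).lower()
    parent = ntpath.basename(event["parent_image"]).lower()
    cmdline = event["command_line"]
    if image == "taskkill.exe" and TARGETS.search(cmdline):
        return "security_or_backup_process_kill"
    # net.exe hands service commands to net1.exe, so both images are checked.
    if image in ("net.exe", "net1.exe") and re.search(r"\bstop\b", cmdline, re.I) \
            and TARGETS.search(cmdline):
        return "security_or_backup_service_stop"
    if "cmd.exe" in (image, parent) and TASK_CREATE.search(cmdline):
        return "scheduled_task_via_cmd"
    return None

def triage(events, min_rules=2):
    """Return hosts where at least min_rules distinct behaviours co-occur."""
    per_host = {}
    for event in events:
        rule = classify(event)
        if rule:
            per_host.setdefault(event["host"], set()).add(rule)
    return {h: sorted(r) for h, r in per_host.items() if len(r) >= min_rules}

def ev(host, parent_image, image, command_line):
    return {"host": host, "parent_image": parent_image, "image": image,
            "command_line": command_line}

SYS = "C:\\Windows\\System32\\"
DROP = "C:\\Users\\Public\\sample.exe"  # placeholder path, not an indicator
# Constructed sample events; process, service and task names are placeholders.
SAMPLE = [
    ev("WS01", DROP, SYS + "taskkill.exe", "taskkill /F /IM sophos-example.exe"),
    ev("WS01", DROP, SYS + "net.exe", 'net stop "Example Backup Service"'),
    ev("WS01", DROP, SYS + "cmd.exe", "cmd.exe /c schtasks /create /tn ExampleTask /tr " + DROP + " /sc onlogon"),
    ev("WS02", SYS + "cmd.exe", SYS + "net.exe", "net stop spooler"),
    ev("WS02", SYS + "cmd.exe", SYS + "taskkill.exe", "taskkill /IM notepad.exe"),
    ev("WS03", SYS + "cmd.exe", SYS + "taskkill.exe", "taskkill /F /IM mcafee-example.exe"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Requiring two distinct behaviours per host keeps a single administrative `taskkill` or `net stop` from raising an alert; lower `min_rules` to 1 to review every individual hit.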
