As we have said many times, encryption by ransomware is one of the top threats out there. SentinelOne may not be the only security firm trying to defeat criminally encrypted data, but it is likely the first one to release a solution. SentinelOne has added a brand new feature to its endpoint detection products designed to restore files encrypted by ransomware.
The component will be made available in the 1.6 versions of the Endpoint Protection Platform (EPP) and the Endpoint Detection and Response (EDR) products. According to Dal Gemmell, the director of product management at the company, the feature will be free of charge.
We truly believe that SentinelOne is not the only vendor attempting to accomplish ‘anti-encryption’ by performing deep analysis instead of the usual signature-based detection applied by most AV software.
What is the anti-encryption feature all about?
The EPP and EDR products will use a lightweight agent on endpoint devices, which will investigate the OS’s kernel and the user space for malware-related alterations.
The rollback component will ‘take advantage’ of the built-in capabilities in Windows and OS X, known as Volume Shadow Copy Service and journaling. Both technologies are used for system-restore actions. The services take snapshots of files on a PC and keep them in a secure area. According to SentinelOne experts, their products will contribute to these services by adding anti-tampering defenses to ensure that the snapshots stay untouched by malware.
Gemmell has explained that the feature has been tested on different ransomware threats, which only seems obligatory. Ransomware has emerged as one of the most damaging and profitable types of malicious software. We have seen many file-encrypting attacks on individuals and enterprises; we have even observed a possible CryptoWall 4.0 attack. The STF team always tries to report as many malicious threats as possible and to provide removal solutions.
Backing up files is still crucial
Even though many security vendors are currently working towards defeating malicious encryption, prevention is still considered the best protection method. In other words, always make sure to back up your information and keep the backup drive disconnected. Otherwise, it can be encrypted as well. Many such cases have been recorded.
Is the rollback feature user-friendly? Mr. Gemmell has confirmed that the updated products can be configured in different ways. We will make sure to keep our readers informed on the topic, as we expect more vendors to upgrade their products.