SentinelOne vs DarkBit Ransomware – Detection and Response

In this video, we will be focusing on the DarkBit ransomware that has emerged in early 2023 and heavily targets educational institutions in Israel.

DarkBit ransomware is claimed to be politically motivated and is against racism, fascism, and apartheid. It is written in Golang and supports multiple command-line arguments, giving attackers granular control over how and what is encrypted. Encrypted files are marked with a .Darkbit extension.

This ransomware can spread to and encrypt adjacent and accessible network resources, as well as the ability to spread without encrypting. Upon execution, it initiates a short countdown, followed by attempting to disable Volume Shadow Copies via VSSADMIN.EXE.