SentinelOne vs Ryuk – Protect Mode

Ryuk is one of the more prolific and long-standing ransomware families active these days. Previously thought to be superseded by Conti, we now face both threats in various corners of the threat landscape. Trickbot, Ryuk and Conti are very closely associated, and we often observe Ryuk being deployed at a later stage in Trickbot campaigns. Ryuk itself has evolved quite a bit over the past few years. Modern variants are both complex and aggressive. Historically, Ryuk is very thorough when it comes to execution of its encryption routines (combinations of RSA and AES). It can also stop/disable 3rd party backup and security software, in addition to attempting to remove Volume Shadow (VSS) copies.