
SentinelOne Vs. HelloXD Ransomware – Detection and Prevention

The HelloXD ransomware family was first observed in late 2021. It is sold ‘commercially’ by specific sellers active on known ‘underground’ forums and marketplaces. Over the last couple of months, HelloXD operators have increased their activity and introduced updated versions of the payload; the most recent updates focus on detection evasion and on the speed and efficiency of encryption.

Upon infection, victims are instructed to contact the attacker(s) via Tox Chat.
HelloXD also attempts to inhibit recovery by deleting Volume Shadow Copies through the Volume Shadow Copy Service (VSS).
In some of the recent campaigns, the attackers are also leveraging an open-source backdoor tool (MicroBackdoor).
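Shadow-copy deletion is one of the few behaviours above that maps directly onto host telemetry, so here is a detection example, added here and not code from SentinelOne or from the HelloXD write-up. It scans constructed process-creation events (Sysmon Event ID 1 style fields) for the usual shadow-copy removal command lines; the page does not say which exact command HelloXD runs, so the rule covers the common variants rather than one assumed string, and it raises the severity when the parent process lives under a user-writable path.

```python
import re

# Constructed sample process-creation events in a Sysmon Event ID 1 style,
# reduced to the fields the rule needs. Illustrative only, not HelloXD
# telemetry: the page does not state the exact command the ransomware uses.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe delete shadows /all /quiet",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\payload.exe"},
    {"Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": "wmic shadowcopy delete",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -nop -c "Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }"',
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\payload.exe"},
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe list shadows",          # benign enumeration, must not fire
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\wbadmin.exe",
     "CommandLine": "wbadmin delete catalog -quiet",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

# Each rule: (name, regex on the image file name, regex on the command line).
# Matching is case-insensitive because operators vary casing freely.
SHADOW_DELETE_RULES = [
    ("vssadmin_delete_shadows", r"^vssadmin\.exe$", r"\bdelete\s+shadows\b"),
    ("vssadmin_resize_shadowstorage", r"^vssadmin\.exe$", r"\bresize\s+shadowstorage\b"),
    ("wmic_shadowcopy_delete", r"^wmic\.exe$", r"\bshadowcopy\s+delete\b"),
    ("powershell_win32_shadowcopy_delete", r"^(powershell|pwsh)\.exe$",
     r"win32_shadowcopy.*(\.delete\(\)|remove-wmiobject|remove-ciminstance)"),
    ("wbadmin_delete_catalog", r"^wbadmin\.exe$", r"\bdelete\s+catalog\b"),
]

# A parent process under a user-writable location is far more suspicious than
# one under System32 or Program Files, where legitimate backup tooling lives.
USER_WRITABLE = re.compile(
    r"\\(Users\\[^\\]+\\AppData|Users\\[^\\]+\\Downloads|Temp|ProgramData)\\",
    re.IGNORECASE,
)


def image_name(path):
    """Return the file name component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def match_event(event):
    """Return the names of every rule that fires on a single event."""
    name = image_name(event.get("Image", ""))
    cmd = event.get("CommandLine", "")
    hits = []
    for rule, img_re, cmd_re in SHADOW_DELETE_RULES:
        if re.search(img_re, name, re.IGNORECASE) and re.search(cmd_re, cmd, re.IGNORECASE):
            hits.append(rule)
    return hits


def severity(event, hits):
    """'high' when a matching command was spawned from a user-writable path, else 'medium'."""
    if not hits:
        return None
    return "high" if USER_WRITABLE.search(event.get("ParentImage", "")) else "medium"


def scan(events):
    """Return (index, rule names, severity) for every event that matched a rule."""
    results = []
    for i, ev in enumerate(events):
        hits = match_event(ev)
        if hits:
            results.append((i, hits, severity(ev, hits)))
    return results


if __name__ == "__main__":
    for idx, hits, sev in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {sev} {hits} -> {SAMPLE_EVENTS[idx]['CommandLine']}")
```

Two caveats a practitioner should keep in mind when deploying a rule like this: legitimate backup agents also delete or resize shadow copies, so the parent-process context (or an allowlist of known agents) is what keeps the alert actionable; and a payload that calls the VSS COM interfaces directly instead of spawning vssadmin or wmic leaves no command line to match, which is why endpoint behavioural protection, rather than command-line matching alone, is needed for the prevention side.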

