Jump to content

Does MBAM detect and block sodinokibi ransomware?


Recommended Posts

I'm not aware of any whitelisting for Powershell by Malwarebytes; that said, Malwarebytes has extensive capabilities for detecting and blocking ransomware as well as scripting malware such as file-less threats that use Powershell.  Malwarebytes has many layers of defense, so even if the primary Malware Protection component doesn't target Powershell scripts (which it doesn't, as static signatures/detection for script based malware attacks is a virtually useless tactic due to how easy it is to modify or encrypt such scripts to evade signature based detection as described in this article), it should still detect the threat/attack via one of its other components such as Exploit Protection, Ransomware Protection or Web Protection.  Many of Malwarebytes' defenses are based on behavioral detection which is immensely useful against such threats.

Specifically with regards to Sodinokibi, please refer to the write-up from the Malwarebytes Labs blog found here.

You can learn more about the various components in Malwarebytes by referring to the diagram and information found on this page.

I hope this helps.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.