Does MBAM detect and block sodinokibi ransomware?

[john11]

Some web posts suggest that the Sodinokibi ramsomware uses PowerShell to infect. I was told that Malwarebytes whitelists PowerShell.  Does Malwarebytes detect and block the sodinokibi ransomware if it uses poweshell to infect?

[pondus]

Read   https://blog.malwarebytes.com/detections/ransom-sodinokibi/

This forum section is for posting New undetected samples and not questions

 

[exile360]

I'm not aware of any whitelisting for Powershell by Malwarebytes; that said, Malwarebytes has extensive capabilities for detecting and blocking ransomware as well as scripting malware such as file-less threats that use Powershell.  Malwarebytes has many layers of defense, so even if the primary Malware Protection component doesn't target Powershell scripts (which it doesn't, as static signatures/detection for script based malware attacks is a virtually useless tactic due to how easy it is to modify or encrypt such scripts to evade signature based detection as described in this article), it should still detect the threat/attack via one of its other components such as Exploit Protection, Ransomware Protection or Web Protection.  Many of Malwarebytes' defenses are based on behavioral detection which is immensely useful against such threats.

Specifically with regards to Sodinokibi, please refer to the write-up from the Malwarebytes Labs blog found here.

You can learn more about the various components in Malwarebytes by referring to the diagram and information found on this page.

I hope this helps.