SentinelOne Demo: SentinelOne VS Knight Lite Ransomware – Protection

In this video demonstration, we show how the SentinelOne Singularity XDR Platform protects against Knight Lite ransomware. Knight ransomware operations emerged in August of 2023, as an evolution or rebrand of Cyclops ransomware. Knight operates as a multi-extortion group, hosting a TOR-based blog to list victim names along with any exfiltrated data. The group aggressively coerces victims into payment in order to avoid having their data publicly leaked. The threat operator offers payloads in both normal and “lite” versions.

Knight ransomware is an evolution or revision of Cyclops. Cyclops (now Knight) has been actively sold and advertised on the RAMP forum.

Knight Ransomware is delivered primarily though phishing campaigns. Some early examples include those masquerading as messages from TripAdvisor.

Victims are required to visit a unique TOR-based URL to receive an email address. That address is then used to obtain further instructions and carryout any additional communications between victim and attacker. Upon encryption, files will have a “.knight” “.knightl” or “.knight_l” extension.

The SentinelOne Singularity XDR Platform can return systems to their original state using either the Quarantine or Repair.