
SentinelOne vs RegretLocker – Protect Mode

RegretLocker is a recently discovered ransomware family that sports a multitude of modern features. It can terminate any process that may interfere with encryption, in part by using the Windows Restart Manager API. It can encrypt all the usual file types, including virtual machine images, and it deletes VSS copies (through multiple approaches). Current analysis shows some ability to scan for additional victims via SMB. Encrypted files are marked with a “.mouse” extension. The ransom note instructs victims to contact the attacker by email rather than through a TOR-based payment portal.
