SentinelOne says if you get hit by ransomware, it will pay the ransom

SentinelOne writes:

We’ve created the first ever Ransomware Cyber Guarantee – a warranty for our product’s performance. It’ll give you the best protection from ransomware attacks – and if we miss something and you get infected – we’ll pay the ransom. It’s that simple. And it’s how security is supposed to be. If you can block something – why not guarantee it? Would you buy a new shiny car without manufacturer warranty?

In other words, self-proclaimed “next generation endpoint security solution” SentinelOne says it’s entirely comfortable paying money to criminals.

Of course it’s a marketing stunt, but still one – I must admit – that leaves a strange taste in my mouth.


If I’m feeling mischievous, I might even wonder if some future ransomware might detect the presence of SentinelOne and increase its ransom demand accordingly…

Couldn’t SentinelOne have just offered to throw in a decent backup program?


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

8 comments on “SentinelOne says if you get hit by ransomware, it will pay the ransom”

  1. Nigel

    Sure…maybe the folks at SentinelOne are painting a big target on themselves, inviting ransomware thugs to target their users. But let's be honest—if they can actually back up their guarantee and still stay in business, you'll have to admit they're doing something right.

    I mean, maybe it's more than just "a marketing stunt". Frankly, I'm rooting for them. If they can deliver on what they're promising, it sets the bar higher for everyone in the industry.

    Time will tell, of course. They've really thrown down the gauntlet on this one. The bad guys will see it as a challenge. I hope it doesn't backfire on SentinelOne.

  2. Bob

    Graham, take a look at their small print*:

    "In the event that your organization must pay the ransom, SentinelOne Endpoint Protection Platform (EPP) customers covered by the SentinelOne Cyber Guarantee will be reimbursed up to $1,000 USD per affected endpoint if we’re unable to keep you safe from a ransomware attack, and up to a maximum of $1,000,000 USD per company."

    HOWEVER there are a few gotchas:

    "Guarantee only covers the cost of the ransom, not hard business disruption or soft costs relating to PR / brand.

    • SentinelOne is not liable if paying the ransom does not lead to successfully recovering the data.

    • Only Windows-based endpoints and servers with SentinelOne EPP deployed on them will be covered under the guarantee."

    *https://sentinelone.com/wp-content/uploads/2016/07/Brochure-Ransomware-Vertical-Online.pdf

  3. Simon

    SentinelOne's ploy doesn't bode well with me.

    As mentioned earlier, seems they're being super cocky and asking for trouble or just being bold in an attempt to attract attention; typical marketing at its best (or worst, depending on how you look at it…)

  4. Steph

    As Nigel said "If they can deliver on what they're promising, it sets the bar higher for everyone in the industry" and it's a very good thing. Hopefully, others will follow. If they believe in their products, they should give some guarantees.

    1. Bob · in reply to Steph

      You're missing the point.

      They're saying they'll pay the ransom IF you've done this AND you've done that AND you're using this product BUT not if you've done this etc.

      Also remember that if you pay (because YOU'VE got to cough up in advance!) and you don't get your data back then they won't give you a penny.

      "SentinelOne is not liable if paying the ransom does not lead to successfully recovering the data."

      So much for confidence in their products.

  5. Bernhard Kirschner

    As a marketing idea for SentinelOne it's good. I am reading about it in many publications.
    As a business plan it is even better. SentinelOne charge $45 for their software +$5 for the insurance per endpoint. Their maximum payout per endpoint is $1,000. If less than 1 in 20 claim, they are ahead.
    It's best for the ransomware actors, who are more likely to be paid and are encouraged to mount more attacks, making it worse for the rest of us.
    It's bad for the SentinelOne users who are likely to be more careless with security and who do not ensure that they have proper backups. Proper backups are backups that are vaulted, versioned, verified, automated and monitored. Backups are the only safe protection against extortion.
    Unfortunately it is easier to promote anti-virus than backup.

  6. Scott Gainey

    Respectfully Graham, I think you're missing the point. Why would you take a negative tone against a company offering a guarantee against its technology? Do you see it as a negative that auto manufacturers provide a guarantee against the vehicle they sell? The appliance manufacturer who backs the refrigerator in your home? Why do we allow a $65B a year cybersecurity industry to get away with making bold claims in 3rd party tests (e.g. 100% detection rate) without any guarantee or assurance? What's the recourse for a customer if that vendor's technology does not achieve that 100% detection they claim? And if the security industry is as good as it says it is, why do 72% of people expect they'll be successfully attacked in the next 12 months?

    We're not looking for a pat on the back in making this announcement. We're looking for collaboration amongst the industry to begin offering guarantees of their own. Imagine if your firewall vendor, sandbox vendor, proxy vendor, antivirus vendor, etc. all offered guarantees against their technologies and claims. That's the assurance I believe our consumers deserve. That's the story I would have liked to see you speak to.

    1. Graham Cluley · in reply to Scott Gainey

      Hi Scott

      Sorry to have disappointed you and your colleagues at SentinelOne. I just write about what I find interesting to me.

      I found it an odd thing to offer a guarantee that could see criminals finding it easier to earn money.

      Looking further into this today, I read the article by Jeremy Kirk who found out that SentinelOne isn't so much offering a guarantee but selling insurance:

      "SentinelOne's program offers to reimburse customers up to $1,000 per infected endpoint, or up to $1 million in total. But there are many conditions, and the guarantee isn't free. In fact, the whole thing reads more like a mini cyber insurance policy.

      To obtain the related coverage, Grossman says clients will pay a surcharge of between 5 to 10 percent of the per-seat cost of their SentinelOne license, which varies according to the vagaries of software license subscription negotiations. At least in the information security space, volume discounts are also quite common."

      – "How Does SentinelOne's Ransomware Guarantee Stack Up?"

      http://www.databreachtoday.com/blogs/how-does-sentinelones-ransomware-guarantee-stack-up-p-2202

      If I had known that SentinelOne was charging customers extra for this "guarantee" I would have probably focused on that.
