FortiGate
kcheng
Staff
Article Id 336910
Description: This article describes the preventive measures that can be applied to FortiGate to block and stop Brain Cipher ransomware from infecting internal hosts.
Scope: FortiGate.
Solution

Brain Cipher is a ransomware variant from the LockBit hacker group. The following recommendations help ensure that Brain Cipher does not impact internal systems:

  1. Ensure the operating system is updated with the latest security patches.
  2. Ensure the applications in use are updated with the latest security patches.
  3. Ensure that every firewall policy configured to process traffic has the appropriate security profiles applied, such as AntiVirus and Web Filter, which block all known indicators of compromise (IoCs).
  4. Endpoint AntiVirus such as FortiClient and FortiEDR protects the end host when it is not connected to the FortiGate's network.
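
One way to check recommendation 3 against a configuration backup, as an added example that is not part of the original article and not Fortinet code: the script lists accept policies that reference no AntiVirus or Web Filter profile. The sample configuration is constructed, the function names are hypothetical, and it assumes a flat `config firewall policy` block with individually assigned profiles (profile groups are not resolved).

```python
# Constructed excerpt of a FortiGate configuration backup (not from the article).
SAMPLE_CONFIG = """
config firewall policy
    edit 1
        set action accept
        set utm-status enable
        set av-profile "default"
        set webfilter-profile "default"
    next
    edit 2
        set action accept
    next
    edit 3
        set action accept
        set utm-status enable
        set av-profile "default"
    next
    edit 4
        set action deny
    next
end
"""
REQUIRED = ("av-profile", "webfilter-profile")  # profiles named in recommendation 3

def parse_policies(text):
    """Return {policy_id: {setting: value}} from the 'config firewall policy' block."""
    policies, current, in_block = {}, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "config firewall policy":
            in_block = True
        elif in_block and line == "end":  # assumption: no nested config/end inside
            in_block = False
        elif in_block and line.startswith("edit "):
            current = policies.setdefault(int(line.split()[1]), {})
        elif in_block and current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip('"')
    return policies

def audit(text):
    """Map each accept policy id to the required profiles it does not reference."""
    findings = {}
    for pid, cfg in parse_policies(text).items():
        missing = [k for k in REQUIRED if k not in cfg]
        if cfg.get("action") == "accept" and missing:
            findings[pid] = missing
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Policies listed in the result allow traffic that the AntiVirus signatures and Web Filter categories never inspect.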

 

The following AntiVirus signatures developed by FortiGuard Labs block Brain Cipher ransomware attempts:

W32/BlackMatter.K!tr.ransom

W32/Filecoder_BlackMatter.E!tr.ransom

W32/Ransom_Win32_LOCKBIT.YXCGT


Additional information can be found in the following Threat Signal Report:

Brain Cipher Ransomware Attack