FortiSandbox provides a solution to protect against advanced threats and ransomware for companies who don’t want to implement and maintain a sandbox environment on their own.
Article Id 192535

This article explains how to detect unknown Ransomware though passive scan in FortiSandbox

From Wikipedia:

“Ransomware is computer malware that installs covertly on a victim's device (e.g., computer, smartphone, wearable device) and that either mounts the cryptoviral extortion attack from cryptovirology that holds the victim's data hostage, or mounts a cryptovirology leakware attack that threatens to publish the victim's data, until a ransom is paid.”

“Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.”

If an infection is suspect or happening and you fail detecting any unusual activity in you border Security devices maybe and unknown malware is present in the network.

The attack vector of Trojans is usually through a file that look like a normal installer or file system, it is imperative that you get a sample of this file.


Upload the suspect file to Fortiguard online virus scanner to confirm any match:

If the results of the virus scanner are clean, perform a deeper scan with with FortiSandbox.

Carefully transport the suspected file sample to a computer able to access FortiSandbox GUI.

From the navigation tree go to Scan Input -- > File On-Demand -- > Submit File

In the Submit New File window chose the inspection options that you need, by default Sandboxing inspection will be executed and the default Scan profile used.

In the following example a file was rated by VM Engine as High Risk Unknown

The file is also send to FortiGuard network where analysts create the signature.

In other example the file was rated by AV scanner which means that the signature for this malware was already added to the global virus databases