FortiSandbox
FortiSandbox provides a solution to protect against advanced threats and ransomware for companies who don’t want to implement and maintain a sandbox environment on their own.
fgallardo1
Staff
Article Id 192535
Description

This article explains how to detect unknown ransomware through a passive scan in FortiSandbox.

From Wikipedia:

“Ransomware is computer malware that installs covertly on a victim's device (e.g., computer, smartphone, wearable device) and that either mounts the cryptoviral extortion attack from cryptovirology that holds the victim's data hostage, or mounts a cryptovirology leakware attack that threatens to publish the victim's data, until a ransom is paid.”

“Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.”

If an infection is suspected or already in progress and your border security devices report no unusual activity, an unknown malware sample may be present in the network.

Trojans usually arrive as a file that looks like a normal installer or system file, so it is imperative to obtain a sample of this file.


Solution

Upload the suspect file to the FortiGuard online virus scanner to check whether it matches a known signature:

http://www.fortiguard.com/virusscanner

If the virus scanner reports the file as clean, perform a deeper scan with FortiSandbox.

Carefully transport the suspected file sample to a computer that can access the FortiSandbox GUI.

From the navigation tree, go to Scan Input -> File On-Demand -> Submit File.

In the Submit New File window, choose the inspection options you need. By default, Sandboxing inspection is executed using the default Scan profile.

In the following example, a file was rated by the VM Engine as High Risk Unknown.

The file is also sent to the FortiGuard network, where analysts create a signature for it.

In another example, the file was rated by the AV scanner, which means that a signature for this malware had already been added to the global virus databases.
