Fortinet black logo

User Guide

Home FortiRecon 24.1.b User Guide
24.1.b
24.2.0
24.1.b
24.1.a
24.1.0
23.4.a
23.4.0
23.3.a
23.3.0
23.2.b
23.2.a
23.2.0
23.1.b
23.1.a
23.1.0
22.4.a
22.4.0
22.3.0
22.2.0

Viewing ransomware intelligence

Viewing ransomware intelligence

The Ransomware Intelligence page contains multiple sections that display high level information on the ransomware threat landscape. Sections include:

  • Summary: A summary to total incidents, groups currently being tracked, and the top sector, country, and active ransomware. Select a card to view more information in the Ransomware Trends.

  • Ransomware Trends: Graphical representations of ransomware trends, including top targeted sectors and victimized countries. The trends will adjust to reflect a particular trend if a card is selected in the Summary.

  • Watchlist: A list of monitored organization and vendors. If an asset matches a monitor, an alert will be triggered. Add or edit your watchlist by selecting Manage.

    The color of the watchlist match depicts the following:

    • Blue: The name of this entity has been identified as a target on ransomware blogs/sites.

    • Orange: This entity has been targeted by a threat actor operating in the darknet, and there is a possibility that their network/system access is being offered for sale. Therefore, this entity is a potential candidate for a ransomware attack. You can find the associated report about this entity in the ACI > Reports section.

  • Active Ransomware: A list of known, active ransomware and the current victim count for each.

  • Latest Ransomware Victims: A list of the most recent victims of ransomware victims, including information on the victim revenue, sector, and country. Select an entry for more information on a specific victim. Click Show More to view more victims.

    In the Latest Ransomware Victims page, click Show Details next to ransomware entry to view detailed information.

  • Potential Ransomware Victims: A list of targets identified as potential victims of ransomware, including information on revenue, sector, and country. Select an entry for more information on a specific target. Click Show More to view more potential targets.

    In the Potential Ransomware Victims page, click Associated Reporting icon next to ransomware entry to view more information.

Previous
Next

Viewing ransomware intelligence

The Ransomware Intelligence page contains multiple sections that display high level information on the ransomware threat landscape. Sections include:

  • Summary: A summary to total incidents, groups currently being tracked, and the top sector, country, and active ransomware. Select a card to view more information in the Ransomware Trends.

  • Ransomware Trends: Graphical representations of ransomware trends, including top targeted sectors and victimized countries. The trends will adjust to reflect a particular trend if a card is selected in the Summary.

  • Watchlist: A list of monitored organization and vendors. If an asset matches a monitor, an alert will be triggered. Add or edit your watchlist by selecting Manage.

    The color of the watchlist match depicts the following:

    • Blue: The name of this entity has been identified as a target on ransomware blogs/sites.

    • Orange: This entity has been targeted by a threat actor operating in the darknet, and there is a possibility that their network/system access is being offered for sale. Therefore, this entity is a potential candidate for a ransomware attack. You can find the associated report about this entity in the ACI > Reports section.

  • Active Ransomware: A list of known, active ransomware and the current victim count for each.

  • Latest Ransomware Victims: A list of the most recent victims of ransomware victims, including information on the victim revenue, sector, and country. Select an entry for more information on a specific victim. Click Show More to view more victims.

    In the Latest Ransomware Victims page, click Show Details next to ransomware entry to view detailed information.

  • Potential Ransomware Victims: A list of targets identified as potential victims of ransomware, including information on revenue, sector, and country. Select an entry for more information on a specific target. Click Show More to view more potential targets.

    In the Potential Ransomware Victims page, click Associated Reporting icon next to ransomware entry to view more information.

Previous
Next