W32/DarkSide.B!tr.ransom

Analysis

W32/DarkSide.B!tr.ransom is classified as a ransomware trojan.
A ransomware trojan is a type of malware that prevents or restricts the infected user from accessing their system, usually by locking the screen or encrypting the user's files. It then demands payment, usually in the form of cryptocurrency, in order for the system or files to be accessible again.
The Fortinet Antivirus Analyst Team is constantly updating our descriptions. Please check the FortiGuard Encyclopedia regularly for updates.

Outbreak Alert

On May 7, Colonial Pipeline Company learned it was the victim of a cybersecurity attack and has since determined that the incident involved ransomware. Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring.


Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2022-10-18 90.07000
2022-05-09 90.02144
2022-04-26 90.01752
2022-03-15 90.00492
2021-10-05 89.05661
2021-07-07 87.00458
2021-07-07 87.00457
2021-04-07 85.00284
2021-03-30 85.00092