https://gizmodo.com/revil-gang-takes-credit-for-massive-kaseya-attack-and-a-1847232663
Fortinet Products Summary | Services | Version | Other Info |
---|---|---|---|
FortiGate | AV | 87.00359 | FortiGuard AV detects the REvil payloads and file extractor |
FortiClient | AV | 87.00359 | FortiGuard AV detects the REvil payloads and file extractor |
FortiEDR | AV (Pre-filter) | 87.00359 | FortiGuard AV detects the REvil payloads and file extractor |
FortiEDR | EDR | v4+ | FortiEDR can be used to effectively detect and mitigate post-exploitation activity associated with this threat. |
FortiSandbox | AV (Pre-filter) | 87.00359 | FortiGuard AV detects the REvil payloads and file extractor |
FortiSandbox | Behavior Detection | 3.2.2+ | FortiSandbox detects ransomware behaviors of the samples |
FortiAI | AV (Pre-filter) | 87.00359 | FortiGuard AV detects the REvil payloads and file extractor |
FortiAI | ANN | 1.077 | Artificial Neural Networks (ANN) Engine detects the known hashes |
FortiMail | AV | 87.00359 | FortiGuard AV detects the REvil payloads and file extractor |
FortiCASB | AV | 87.00359 | FortiGuard AV detects the REvil payloads and file extractor |
FortiCWP | AV | 87.00359 | FortiGuard AV detects the REvil payloads and file extractor |
FortiADC | AV | 87.00359 | FortiGuard AV detects the REvil payloads and file extractor |
FortiProxy | AV | 87.00359 | FortiGuard AV detects the REvil payloads and file extractor |
FortiAnalyzer | IOC | 0.01915 | FortiGuard IOC detects past log-based events accessing known C&C IPs and domains |
FortiAnalyzer | Event Handlers & Reports | 6.2+ | Detects indicators attributed to REvil from Fabric products. |
FortiSIEM | IOC | 0.01915 | FortiGuard IOC detects past log-based events accessing known C&C IPs and domains |
FortiSIEM | Rules & Reports | 6.2+ | Detects indicators attributed to REvil from Fabric products and 3rd party products. |
FortiClient/EMS | ZTNA Auto Tagging | 6.4+ | Detects and tags endpoints that are suspected of being compromised by the REvil ransomware |