I don't know if this is the right forum category to post in, so I apologize if I have posted this in the wrong forum.
One of my users recently opened an email attachment, a .zip file; after around 6+ hours we detected that the .zip contained ransomware which encrypts all documents into a .osiris extension.
The endpoint protection did not give any warning about this ransomware, so we did not know about it until the ransomware had encrypted almost all of the user's data.
The problem is that the encryption has reached our main server and we do not know how far and to where it has spread.
We have disconnected the source computer, and after checking around the internet on how to detect the ransomware, we did not find any trace of the ransomware in the registry, the application list or the startup list. The only things remaining are the .zip file that the user downloaded and the suspicious FILE and .ZK extension files inside the TEMP folder. At this point, we do not know if the ransomware is still active or not, or how it works.
My question: could we upload the ransomware source to Symantec, and could Symantec check the ransomware source (.zip) and identify its variant, how it works and how to check if the ransomware is still active, and whether it brings any other threat like a trojan with it? And if we can, where do we submit the file to?
Thanks.
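The immediate problem described in the post is scoping how far the encryption spread across the server and shares. As an added example (not part of the original post or any vendor tool), the Python script below walks a directory tree or mounted share for files carrying the .osiris extension the post mentions, counts them per directory and reports the first and last write times, which bracket when the process was running. The directory layout, file names and timestamps produced by build_sample_tree are constructed for the demo; the extension is the only detail taken from the post.

```python
"""Scope a ransomware outbreak by mapping where the renamed files landed.

Added example, not part of the forum post. It assumes only what the post
states: encrypted documents were renamed to a .osiris extension. The sample
directory built by build_sample_tree() is constructed for illustration.
"""
import os
import sys
import tempfile
from collections import Counter
from datetime import datetime, timezone

SAMPLE_T0 = 1_480_000_000  # constructed epoch timestamp for the sample files


def find_encrypted(root, ext=".osiris"):
    """Walk `root` and return (path, mtime) for every file ending in `ext`.

    Symlinks are not followed, so a share that links back to itself cannot
    loop the scan; entries that cannot be stat'ed are skipped, not fatal.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            if name.lower().endswith(ext):
                full = os.path.join(dirpath, name)
                try:
                    hits.append((full, os.stat(full).st_mtime))
                except OSError:
                    continue
    return hits


def summarise(hits):
    """Count hits per directory and return the encryption time window.

    The earliest and latest mtime bracket how long the process ran; the
    per-directory counts show which folders or shares it reached.
    """
    if not hits:
        return {"count": 0, "per_dir": {}, "first": None, "last": None}
    per_dir = Counter(os.path.dirname(path) for path, _ in hits)
    times = [mtime for _, mtime in hits]
    return {
        "count": len(hits),
        "per_dir": dict(per_dir),
        "first": min(times),
        "last": max(times),
    }


def report(summary):
    """Render the summary as plain text, most affected directories first."""
    if summary["count"] == 0:
        return "no encrypted files found"

    def fmt(ts):
        return datetime.fromtimestamp(ts, timezone.utc).isoformat()

    lines = [
        f"{summary['count']} encrypted files",
        f"first write: {fmt(summary['first'])}",
        f"last write:  {fmt(summary['last'])}",
    ]
    for directory, n in sorted(summary["per_dir"].items(), key=lambda kv: -kv[1]):
        lines.append(f"{n:6d}  {directory}")
    return "\n".join(lines)


def build_sample_tree():
    """Create a constructed sample share in a temp directory and return its path.

    Three renamed files spread over three folders, written 0, 10 and 60
    minutes after SAMPLE_T0, plus two untouched files a day older.
    """
    base = tempfile.mkdtemp(prefix="osiris-demo-")
    sample = {
        "finance/budget.xlsx.osiris": SAMPLE_T0,
        "finance/notes.txt": SAMPLE_T0 - 86400,
        "hr/policy.docx.osiris": SAMPLE_T0 + 600,
        "share/old/report.pdf.osiris": SAMPLE_T0 + 3600,
        "share/readme.txt": SAMPLE_T0 - 86400,
    }
    for rel, mtime in sample.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample content")
        os.utime(path, (mtime, mtime))
    return base


if __name__ == "__main__":
    # Pass a share path to scan it; with no argument the constructed sample runs.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    print(report(summarise(find_encrypted(target))))
```

Run it against each mapped share or server volume and compare the reported last write time with the moment the source computer was disconnected: if files with the extension keep appearing with newer timestamps after that point, something other than the disconnected machine is still writing, which is the "is it still active" question the post raises. File timestamps can be altered and a different variant may use a different extension, so treat the output as a scoping aid for the investigation rather than as proof of containment.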