Right-clicking on a ransomware link does not generate an interaction log such as Ransomware opened. However, in some cases, logs may be observed due to behaviors external to the platform environment.
Expected Behavior
When performing a right-click on a link in a ransomware simulation:
- No interaction of the type Ransomware opened is recorded
- It is not considered a valid action for executing the content
This is because the interaction is only recorded when the user performs an effective action on the link (for example, left-click and opening the content).
Why Can Interactions Be Logged in Some Cases?
The logging of interactions depends not only on the platform but also on the user's environment, including:
- Email client
- Operating system
- Device settings
- Security tools
In some scenarios, a right-click can:
- Trigger automatic analysis mechanisms
- Generate a preview of the link
- Perform security validations
These actions can result in interaction logs, even though they do not correspond to a manual user action.
Possible Causes
🔒 Security Tools
- Solutions that automatically analyze links
- Sandboxing or prior inspection
🖥️ Operating System
- Preview functionalities
- Automatic handling of links or files
📧 Email Client
- Behaviors specific to interacting with links
- Security integrations
Considerations
- This behavior does not originate from SMARTFENSE
- It depends on configurations external to the platform environment
- It can generate logs that do not represent a real user interaction
💡 Best Practices
- Validate behavior in the client environment before productive campaigns
- Identify security tools that may generate automatic interactions
- Consider these cases when analyzing campaign statistics