New Ransomware Strain Rorshach Takes the Crown as the Fastest

Cybersecurity researchers have recently uncovered a new strain of ransomware which they argue is the fastest around. After investigating a cyber-incident at a US company, experts at Check Point came across an unknown ransomware variant which, after a more thorough analysis, was dubbed Rorshach.

Rorshach completed the task of encrypting 220,000 files on a 6-core CPU machine in just four and a half minutes, making it the fastest ransomware strain around. This is significantly faster than LockBit 3.0, which previously held the record at seven minutes for the same job.

While the ransomware’s operators are still unknown, the researchers do have a few ideas as to who might be behind it. The ransom note, they say, uses a format similar to the one used by the Yanlowang ransomware. They also said that the previous versions of malware used a ransom note similar to what DarkSide used, which tricked other researchers into believing that Rorshach was actually DarkSide.

When it comes to the ransomware’s technical specifications, the researchers found Rorshach supporting command-line arguments that can expand its functionality. However, the options are hidden, and can’t be accessed without reverse-engineering the malware. They also found that the encryptor will only go to work if it finds the target machine being configured with a language outside the Commonwealth of Independent States (CIS).

As for the encryption scheme, it’s a mix of curve25519 and eSTREAM cipher hc-12 algorithms. The malware only encrypts parts of the file, which is a practice other ransomware developers implemented, as well, to speed up the encrypting process.

Rorshach’s encryption routine suggests “a highly effective implementation of thread scheduling via I/O completion ports,” the researchers concluded.

Conclusion

The discovery of Rorshach highlights the need for companies to have a robust cybersecurity strategy in place. With ransomware attacks becoming increasingly sophisticated and fast, it’s essential for businesses to take steps to protect themselves. This includes regular backups of critical data, keeping software up to date, and training employees on cybersecurity best practices. By taking these steps, businesses can help reduce the risk of falling victim to ransomware attacks like Rorshach.

FAQs:

Q: How did the researchers determine that Rorshach is the fastest ransomware strain?

A: The researchers at Check Point gave the ransomware 220,000 files to encrypt on a 6-core CPU machine and timed how long it took to complete the task. Rorshach completed the task in just four and a half minutes, making it the fastest ransomware strain around.

Q: Who might be behind the Rorshach ransomware?

A: The ransomware’s operators are still unknown, but the researchers believe that the ransom note uses a format similar to the one used by the Yanlowang ransomware.

Keywords: Cybersecurity, Ransomware, Rorshach, Check Point, Yanlowang, Darkside, Malware, Cybersecurity Strategy