A new strain of ransomware, dubbed Rorschach, has been discovered by IT security solution provider Check Point. It has features not previously seen in ransomware, and Check Point believes it is currently one of the fastest ransomware strains to date. Here's what you need to know about it:
4 main reasons to be wary of Rorschach:
1. Fast encryption
Rorschach has boosted its speed and effectiveness by only partially encrypting files. It also uses a hybrid cryptography scheme, combining curve25519 with the eSTREAM cipher HC-128, to further increase its speed.
Under the same conditions, Rorschach is faster than the notoriously fast encryptor LockBit v.3 by approximately 2 and a half minutes on average, encrypting 200,000 files in less than 5 minutes in encryption speed tests.
To make matters worse, Rorschach can even adjust its number of encryption threads to achieve faster encryption.
2. Defense evasion
Rorschach can bypass security products that monitor API calls to detect ransomware by issuing system calls directly with the "syscall" instruction, which is rare in ransomware and borrows a defense evasion technique from other malware families.
Apart from evading security solutions, Rorschach also makes the attack harder to analyze and remediate. It replaces the real arguments of the commands it runs with fake ones while it deletes shadow volumes and backups, clears event logs and disables firewalls.
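The pre-encryption steps just described (deleting shadow copies, clearing event logs, disabling the firewall) are noisy on the endpoint. The following added example, not code from Check Point or from the article, shows one way to flag them in process-creation logs; the log format, the host names and the rule set are all constructed for the example, and because the article notes that the real arguments are replaced with fake ones, the logic keys on a single parent process spawning several of these behaviours rather than on any one command line.

```python
"""Flag the chain of destructive commands the article attributes to Rorschach
in process-creation logs. Log format, sample lines and rules are constructed
for this example and are not from the article or any vendor product."""
import re
from collections import defaultdict

# Each rule: behaviour name, regex applied to the lower-cased command line.
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete")),
    ("event_log_clearing",
     re.compile(r"wevtutil(\.exe)?\s+(cl|clear-log)\b")),
    ("firewall_disable",
     re.compile(r"netsh(\.exe)?\s+advfirewall\s+set\s+\w+\s+state\s+off")),
]

LINE_RX = re.compile(r"(\S+) host=(\S+) ppid=(\d+) pid=(\d+) cmd=(.*)")

def parse_line(line):
    """Constructed format: '<timestamp> host=<h> ppid=<n> pid=<n> cmd=<command line>'."""
    m = LINE_RX.match(line)
    if not m:
        return None
    ts, host, ppid, pid, cmd = m.groups()
    return {"ts": ts, "host": host, "ppid": int(ppid), "pid": int(pid), "cmd": cmd}

def classify(cmd):
    """Return the names of every rule the command line matches."""
    low = cmd.lower()
    return [name for name, rx in RULES if rx.search(low)]

def score_hosts(lines, min_distinct=2):
    """Group matches by (host, parent pid). A command line can be spoofed, so one
    match is weak evidence; alert only when the same parent shows at least
    min_distinct different behaviours, which is the chain the article describes."""
    hits = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        for name in classify(ev["cmd"]):
            hits[(ev["host"], ev["ppid"])].add(name)
    return {k: sorted(v) for k, v in hits.items() if len(v) >= min_distinct}

# Constructed sample log: ws01 shows the full chain from one parent (pid 4120),
# ws02 is a benign event-log query, ws03 is a lone shadow-copy deletion.
SAMPLE_LOG = [
    "2023-04-05T10:00:01Z host=ws01 ppid=4120 pid=5001 cmd=C:\\Windows\\System32\\vssadmin.exe delete shadows /all /quiet",
    "2023-04-05T10:00:02Z host=ws01 ppid=4120 pid=5002 cmd=wevtutil.exe cl Security",
    "2023-04-05T10:00:03Z host=ws01 ppid=4120 pid=5003 cmd=netsh advfirewall set allprofiles state off",
    "2023-04-05T10:00:04Z host=ws02 ppid=900 pid=5010 cmd=wevtutil.exe qe Application /c:5",
    "2023-04-05T10:05:00Z host=ws03 ppid=777 pid=5020 cmd=vssadmin delete shadows /for=C: /oldest",
]

if __name__ == "__main__":
    for key, behaviours in score_hosts(SAMPLE_LOG).items():
        print(f"ALERT host={key[0]} parent_pid={key[1]} behaviours={behaviours}")
```

Lowering min_distinct to 1 turns the lone shadow-copy deletion on ws03 into an alert as well, at the cost of more noise from legitimate administration.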
3. Partly autonomous
Rorschach can act on its own and is more autonomous than previous strains of ransomware. When running on a Windows Domain Controller it creates a domain Group Policy Object (GPO) by itself, removing the need for manual effort, and then uses it to infect other machines in the same domain on an enterprise scale.
4. Highly customizable
Rorschach offers greater customization and flexibility. Apart from its built-in configuration, malicious actors can pass optional arguments to adapt Rorschach to their specific needs, giving them more options to increase its spread.
7 best practices to prevent ransomware attacks
As ransomware and other strains of malware continue to evolve, stay vigilant and maintain strong cyber security strategies, such as:
- Updating your OS to patch and reduce vulnerabilities.
- Installing anti-virus software on your computer.
- Keeping both online and offline backups of your data.
- Enforcing the principle of least privilege with Zero Trust Security.
- Building a strong security culture within your organization.
- Not clicking links in suspicious emails.
- Not installing files that are downloaded from unknown sources.