The fastest ransomware has been identified by cybersecurity experts of Check Point Software Technologies Ltd.; a leading cybersecurity solutions provider.
A participant looks at lines of code on a laptop on the first day of the 28th Chaos Communication Congress (28C3) - Behind Enemy Lines computer hacker conference on December 27, 2011 in Berlin, Germany. The Chaos Computer Club is Europe's biggest network of computer hackers and its annual congress draws up to 3,000 participants.
Involved security experts said that the new Rorschach ransomware has technically unique features. Among all its unusual characteristics, the most noticeable that Check Point saw is its ultra-fast encryption speed.
Fastest Ransomware Identified by Check Point
According to Bleeping Computer's latest report, Check Point's cybersecurity researchers conducted multiple tests.
Participant hold their laptops in front of an illuminated wall at the annual Chaos Computer Club (CCC) computer hackers' congress, called 29C3, on December 28, 2012 in Hamburg, Germany. The 29th Chaos Communication Congress (29C3) attracts hundreds of participants worldwide annually to engage in workshops and lectures discussing the role of technology in society and its future.
Also Read: Vulkan Files Unmask How Putin, Russia Launched Shocking Cyberwarfare on the World
Based on their results, Rorschach is the fastest ransomware threat up to date.
"Due to different implementation methods, Rorschach is one of the fastest ransomware observed, by the speed of encryption," said the cybersecurity firm via its official blog post.
Aside from having a fast encryption speed, the new Rorschach ransomware is also highly customizable.
Check Point explained that it contains direct syscalls (a feature rarely found in ransomware) and other unique capabilities.
Another alarming functionality of Rorschach is that it is partially autonomous; it can spread itself automatically after being executed on a Domain Controller (DC).
How Rorschach Ransomware Works
Check Point explained that Rorschach ransomware works by encrypting data first. It will do this if the target machine is configured with a language outside CIS.
After that, it will follow the intermittent encryption trend to blend the curve25519 and eSTREAM.
This means that it will encrypt the victim computer's files partially. Here are the three files targeted by Rorschach:
- cy.exe - Cortex XDR Dump Service Tool version 7.3.0.16740, abused to side-load winutils.dll.
- config.ini - Encrypted Rorschach ransomware which contains all the logic and configuration.
- winutils.dll - Packed Rorschach loader and injector, used to decrypt and inject the ransomware.
Thanks to this method, Rorschach's process will become faster than any other ransomware attack.
If you want to learn more about the new Rorschach ransomware, just click this link.
Here are other stories we recently wrote about cybersecurity threats:
A recent report claimed that ransomware attacks started to focus on undermanned U.S.-based rural hospitals. Meanwhile, the BreachForum owner was arrested by the FBI due to email server hacking accusations.
For more news updates about security threats, always keep your tabs open here at TechTimes.
Related Article: BianLian Ransomware Crew Ditches Ransom Upon Encryption to Full-On Extortion: No More Free Decryptor Victims?
