Malware researchers at cybersecurity company Check Point discovered what it could be fastest encrypting ransomware ever. Rorschach was used to attack a US company and has “technically unique abilities”.
Hackers exploited a weakness in the target’s threat detection. They used a reverse engineered sideloading technique to distribute the virus. The malware compromises the machine, deleting application, security, system and Windows Powershell logs, removing traces.
The ransomware encrypts the victim’s data only when the computer is in a language other than the Commonwealth of Independent States (CIS), which includes the countries of the former Soviet Union. In five tests, the researchers observed 220,000 files are encrypted by rorschach in an average of 4 minutes and 30 seconds. By comparison, LockBit 3.0 takes 7 minutes.
“The Rorschach ransomware uses a highly efficient and fast hybrid encryption scheme that combines the curve25519 and eSTREAM cipher hc-128 algorithms for encryption purposes,” said researchers Jiri Vinopal, Dennis Yarizadeh and Gil Gekker.
By analyzing the source code more deeply, They noted similarities with Babuk and LockBit 2.0, which were leaked in September 2021. Ransom messages sent to victims are similar to Yanluowang and DarkSide.
In addition to the US invasion, rorschach attacks have been detected in Europe, the Middle East and Asia.
Source: Tec Mundo
I am a passionate and hardworking journalist with an eye for detail. I specialize in the field of news reporting, and have been writing for Gadget Onus, a renowned online news site, since 2019. As the author of their Hot News section, I’m proud to be at the forefront of today’s headlines and current affairs.
