Check Point Research has discovered a new ransomware called Rorschach that is both sophisticated and fast. Rorschach is unique in its customization and technically unique features. In fact, Rorschach is one of the fastest ransomware strains ever observed, in terms of the speed of its encryption. The cybersecurity firm said it observed the ransomware deployed against an unnamed U.S.-based company. Further analysis of Rorschach's source code reveals similarities to Babuk ransomware, which suffered a leak in September 2021, and LockBit 2.0. The most significant aspect of the intrusion is the use of a technique called DLL side-loading to load the ransomware payload, a method not observed in such attacks. This development marks a new sophistication in the approaches adopted by financially motivated groups to sidestep detection.
top of page
bottom of page