New Rorschach ‘malware’ offers a high level of customization and high encryption speed
The new malware called Rorschach is one of the fastest strains in terms of encryption speed
Researchers have identified a ‘malware’ called Rorschach, which offers a high level of customization and stands out for being one of the fastest strains in terms of encryption speed.
The Incident Response Team of the cybersecurity company Check Point (CPIRT) found this malicious ‘software’ while responding to a ‘ransomware’ case against a company based in the United States.
In their research, the professionals found a unique ransomware strain capable of being deployed using a signed component of Palo Alto Networks’ Cortex XDR. According to Check Point, this method “is not commonly used to upload ‘ransomware’, so it reveals a new approach taken by cybercriminals to evade detection,” as explained in a press release.
Unlike other ransomware cases, the threat actor does not hide behind an alias and does not appear to be affiliated with any of the known ransomware groups. Its behavior also suggests that it is partially autonomous: it propagates automatically when run on a Domain Controller (DC) and clears event logs on affected machines.
On the other hand, the researchers have stated that this ‘malware’ is “extremely flexible”, since it operates not only based on a built-in configuration that allows it to change its behavior according to the operator’s needs.
They have also pointed out that although it seems to have been inspired by some of the best-known ‘ransomware’ families, it also contains unique features, such as the use of direct ‘syscalls’, that is, calls made directly to the system’s kernel.