This new ransomware could be the fastest encryptor ever seen

Newly discovered strain is beating LockBit at its own game

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurity researchers have recently uncovered a new strain ofransomwarewhich they argue is the fastest around.

After investigating a cyber-incident at a US company, experts at Check Point came across an unknown ransomware variant which, after a more thorough analysis, was dubbed Rorshach.

The researchers concluded Rorshach is the fastest ransomware strain around when it comes to encryption, testing the code by giving it 220,000 files on a 6-core CPU machine, to see how long it would take it to encrypt the files. Rorshach completed the task in four and a half minutes. For perspective, LockBit 3.0 previously held the record at seven minutes for the same job.

Confusing the researchers

While the ransomware’s operators are still unknown, the researchers do have a few ideas as to who might be behind it. The ransom note, they say, uses a format similar to the one used by the Yanlowang ransomware. They also said that the previous versions of malware used a ransom note similar to what DarkSide used, which tricked other researchers into believing that Rorshach was actually DarkSide.

When it comes to the ransomware’s technical specifications, the researchers found Rorshach supporting command-line arguments that can expand its functionality. However, the options are hidden, and can’t be accessed without reverse-engineering the malware. They also found that the encryptor will only go to work if it finds the target machine being configured with a language outside the Commonwealth of Independent States (CIS).

Clop ransomware may have infected even more victims than previously thought>Saks Fifth Avenue becomes latest Clop ransomware victim>Check out the best malware protection right now

As for the encryption scheme, it’s a mix of curve25519 and eSTREAM cipher hc-12 algorithms. The malware only encrypts parts of the file, which is a practice other ransomware developers implemented, as well, to speed up the encrypting process.

Rorschach’s encryption routine suggests “a highly effective implementation of thread scheduling via I/O completion ports,” the researchers concluded.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Another reason to avoid edge-lit 4K TVs: they may fail faster than others, according to this report