This new ransomware could be the fastest encryptor ever seen

Ransomware
(Image credit: Pixabay)

Cybersecurity researchers have recently uncovered a new strain of ransomware which they argue is the fastest around. 

After investigating a cyber-incident at a US company, experts at Check Point came across an unknown ransomware variant which, after a more thorough analysis, was dubbed Rorshach. 

The researchers concluded Rorshach is the fastest ransomware strain around when it comes to encryption, testing the code by giving it 220,000 files on a 6-core CPU machine, to see how long it would take it to encrypt the files. Rorshach completed the task in four and a half minutes. For perspective, LockBit 3.0 previously held the record at seven minutes for the same job.

Confusing the researchers

While the ransomware’s operators are still unknown, the researchers do have a few ideas as to who might be behind it. The ransom note, they say, uses a format similar to the one used by the Yanlowang ransomware. They also said that the previous versions of malware used a ransom note similar to what DarkSide used, which tricked other researchers into believing that Rorshach was actually DarkSide. 

When it comes to the ransomware’s technical specifications, the researchers found Rorshach supporting command-line arguments that can expand its functionality. However, the options are hidden, and can’t be accessed without reverse-engineering the malware. They also found that the encryptor will only go to work if it finds the target machine being configured with a language outside the Commonwealth of Independent States (CIS). 

As for the encryption scheme, it’s a mix of curve25519 and eSTREAM cipher hc-12 algorithms. The malware only encrypts parts of the file, which is a practice other ransomware developers implemented, as well, to speed up the encrypting process.

Rorschach’s encryption routine suggests "a highly effective implementation of thread scheduling via I/O completion ports,” the researchers concluded.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
More reports claim 2024 was the worst year for ransomware attacks yet
Ransomware attack on a computer
Ransomware attacks surged in 2024 as hackers looked to strike faster than ever
ransomware avast
AI is helping hackers get access to systems quicker than ever before
Ransomware
Healthcare firms targeted by all-new ransomware strain
A group of 7 hackers, 6 slightly blurred in the background and one in the foreground, all wearing black with hoods pulled up over their heads. You cannot see their faces. The hacker in the foreground sits with an open laptop in front of them. The background, behind the hackers, is a Chinese flag
China government-linked hackers caught running a seriously dangerous ransomware scam
Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
DeepSeek
Deepseek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring