  • Pervez Delawalla

Rorschach Ransomware

With an increasing number of users, devices, and programs in the modern era, and quintillions of bytes of data created every day, the role of cybersecurity in our lives continues to grow.

The growing volume and sophistication of cyber attackers and attack techniques compound the problem even further.

Ransomware is one of the most dangerous weapons those attackers use nowadays. After several deadly malware and ransomware strains, there is now a new challenge for all of us.

Rorschach, a newly detected ransomware, is being flagged by researchers and developers as an emergent and highly dangerous threat to individuals and organizations.

The ransomware has several built-in options, which are concealed and obscured and can only be accessed by reverse engineering the ransomware.

Rorschach, or BabLock, attackers aim at small and medium-sized businesses or industrial companies.

It can encrypt 220,000 local drive files in just four and a half minutes.

By comparison, LockBit 3.0 needed roughly double the time to accomplish the same task.

Rorschach can spread automatically if run on a domain controller, which makes it even more threatening.

This ransomware has already claimed at least one victim in the US.

Rorschach ransomware uses a fast and highly effective hybrid-cryptography scheme and targets both Windows and Linux operating systems.

How it works:

Rorschach will start encrypting data only if the victim machine is configured with a language other than those of the Commonwealth of Independent States (CIS).

Once the Rorschach ransomware is executed on a Windows Domain Controller, it automatically generates a Group Policy and replicates itself to the %Public% folder of other devices within the domain. After locking the system, the malware drops a ransom note similar to the format used by the Yanluowang ransomware.

The victim might not even realize it at first; the only signs are odd drops in file associations, lag times, and slowdowns. You might chalk it up to a glitch until the IT department calls you with the bad news: “We’ve been breached.” Then you glance down at your screen and see the inevitable truth, in black and white, or red, or a skull and crossbones, along with the message.
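
The spread pattern described above (a new Group Policy created on a domain controller, then copies of the ransomware appearing in the %Public% folder of other machines) can be hunted for by correlating two event types. The Python below is an added example, not code from the original post or from any vendor. It assumes events already normalized into flat records, Windows Security event 5137 and Sysmon event 11 as the sources, %Public% at its default C:\Users\Public location, and a 30-minute window with a two-host threshold; all sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real telemetry. The flat field names are an
# assumption: 5137 = Windows Security "directory service object created",
# 11 = Sysmon "file created", both normalized by a hypothetical log pipeline.
EVENTS = [
    {"time": "2023-04-10T01:00:00", "host": "WS-040", "event_id": 11,
     "path": r"C:\Users\Public\old-tool.exe"},            # before the GPO
    {"time": "2023-04-10T02:14:05", "host": "DC01", "event_id": 5137,
     "object_class": "groupPolicyContainer", "user": "CORP\\svc-example"},
    {"time": "2023-04-10T02:15:40", "host": "WS-017", "event_id": 11,
     "path": r"C:\Users\Public\sample.exe"},
    {"time": "2023-04-10T02:16:02", "host": "WS-022", "event_id": 11,
     "path": r"C:\Users\Public\sample.dll"},
    {"time": "2023-04-10T02:16:30", "host": "FS-03", "event_id": 11,
     "path": r"C:\Users\Public\Documents\notes.txt"},      # not executable
]

PUBLIC_PREFIX = "c:\\users\\public\\"   # assumed default value of %Public%
EXEC_EXT = (".exe", ".dll", ".bat", ".cmd", ".ps1")

def find_gpo_spread(events, window=timedelta(minutes=30), min_hosts=2):
    """Alert on each new GPO followed, within `window`, by executable files
    appearing under the Public folder on at least `min_hosts` machines."""
    alerts = []
    for gpo in events:
        if (gpo["event_id"] != 5137
                or gpo.get("object_class") != "groupPolicyContainer"):
            continue
        start = datetime.fromisoformat(gpo["time"])
        hosts = set()
        for e in events:
            if e["event_id"] != 11:
                continue
            path = e["path"].lower()
            delta = datetime.fromisoformat(e["time"]) - start
            if (timedelta(0) <= delta <= window
                    and path.startswith(PUBLIC_PREFIX)
                    and path.endswith(EXEC_EXT)):
                hosts.add(e["host"])
        if len(hosts) >= min_hosts:
            alerts.append({"gpo_time": gpo["time"], "dc": gpo["host"],
                           "created_by": gpo["user"], "hosts": sorted(hosts)})
    return alerts

if __name__ == "__main__":
    for alert in find_gpo_spread(EVENTS):
        print(alert)
```

The window and host threshold need tuning against how often legitimate Group Policy changes and software deployments occur in a given domain.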

What to do:

It’s time to take more steps and be more vigilant about your systems, networks, and organization.

Increase your productivity and cybersecurity defense through quality services provided by seasoned veterans in the IT industry, like VegaNext.

VegaNext brings over 50 years of expertise to meet your IT challenges, including a full range of consulting services and full-stack cybersecurity solutions.

VegaNext’s cybersecurity services equip your business with a comprehensive range of security measures to combat today’s online and internal threats.

These include web protection, patch management, email security, multi-factor authentication, backup and storage, and more. Additionally, our engineering team monitors, tracks, and resolves issues 24/7/365, preventing any intrusions from disrupting your operations.
