"Mysterious 'Rorschach' Ransomware Doubles Known Encryption Speeds"

Rorschach is a potentially record-breaking ransomware in regard to encryption speeds. It has been found in the wild, locking up systems at nearly twice the rate of the infamous LockBit 3.0 malware. According to tests conducted by Check Point Research (CPR), Rorschach can encrypt 220,000 local drive files within four and a half minutes. In comparison, LockBit 3.0 completed the task in seven minutes, which is significantly faster than the median encryption time determined through testing in the previous year. Even more noteworthy is the fact that Rorschach ransomware is highly configurable. CPR analysis found that by adjusting the number of encryption threads via the command line argument, it is possible to achieve even faster times. In addition to its efficiency, Rorschach is notable because it contains known components taken from the leaked source code of other ransomware strains. The operators behind Rorschach do not use an alias or brand their malware, which is rare in the ransomware realm, where reputation is important, and self-promotion is rampant. Therefore, the resulting malware strain is open to interpretation regarding who its operators are and how it fits into the ecosystem. This article continues to discuss researchers' findings regarding the new Rorschach ransomware.

Dark Reading reports "Mysterious 'Rorschach' Ransomware Doubles Known Encryption Speeds"