A new ransomware nicknamed “Rorschach” has been detected and is noted for being fast and evasive.

Check Point Research (CPR) says it encrypts nearly twice as fast as Lockbit, and is more sophisticated than traditional ransomware.

CPR said: “Rorschach combines tactics from multiple well-known attacks plus new unique features for maximum damage and evasion from cybersecurity solutions.

“Rorschach was deployed using DLL side-loading vulnerability of a signed commercial security product. CPR notified Palo Alto Networks of the vulnerability in their product. Check Point customers remain protected from Rorschach.”

Technically distinct

According to Sergey Shykevich, Threat Intelligence Group Manager at Check Point Research: “Just as a psychological Rorschach test looks different to each person, this new type of ransomware has high levels technically distinct features taken from different ransomware families – making it special and different from other ransomware families.

“This is the fastest and one of the most sophisticated ransomware we’ve seen so far.

“It speaks to the rapidly changing nature of cyberattacks and to the need for companies to deploy a prevention-first solution that can stop Rorschach from encrypting their data.”