Check Point Research has posted its analysis of a new strain of partially autonomous ransomware with other concerning capabilities that researchers have labeled Rorschach. Check Point assesses that this strain does not appear to be related to any other ransomware family, nor does the threat actor behind it seem to be affiliated with any other criminal groups. Rorschach is highly customizable and appears to be able to autonomously propagate itself across a victim’s network under the right circumstances. Furthermore, improvements in its coding have significantly reduced the time necessary to encrypt a victim’s files.
Rorschach has not been observed being widely deployed. However, its impressive capabilities make it a notable variant to be aware of. Members are encouraged to keep abreast of existing and emerging ransomware strains for behaviors to defend against and reference CISA’s StopRansomware.gov for current guidance on effectively tackling ransomware. Read more at Check Point Research.