Breaking news out of Check Point Research on the fastest ever ransomware, code-named ‘Rorschach’.
The key takeaways?
It uses a DLL side-loading technique, carries no branding, shares some functionality with LockBit 2.0, and has technically unique features.
It side-loads a DLL used by Palo Alto Networks’ Cortex XDR Dump Service Tool (a signed security tool). The vulnerability has since been reported to Palo Alto Networks. It spreads from a domain controller, via group policy.
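As an added defender-side illustration of the side-loading pattern described above (this is example code, not material from Check Point Research or Palo Alto Networks): a signed host process loading an unsigned DLL from its own directory is the classic side-loading shape. Field names mirror Sysmon Event ID 7 (ImageLoad); the sample events are constructed, and `signedtool.exe` / `helper.dll` are placeholders, not the real tool or DLL involved.

```python
"""Flag DLL side-loading candidates in Sysmon-style image-load events.

Heuristic: a signed executable loading a DLL that is not validly signed
from the executable's own directory (outside the Windows system folders)
is the usual side-loading pattern. Field names mirror Sysmon Event ID 7:
Image, ImageLoaded, Signed, SignatureStatus.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass


@dataclass(frozen=True)
class ImageLoad:
    image: str           # host process executable (Sysmon "Image")
    image_loaded: str    # DLL path that was mapped (Sysmon "ImageLoaded")
    process_signed: bool # whether the host executable is signed (assumption: pre-resolved)
    dll_signed: bool     # Sysmon "Signed" for the DLL
    dll_sig_status: str  # Sysmon "SignatureStatus" for the DLL, e.g. "Valid"


# DLLs resolved from the system directories are normal and are not flagged
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def _dir(path: str) -> str:
    """Lower-cased directory component of a Windows path."""
    return ntpath.dirname(path).lower()


def is_sideload_candidate(ev: ImageLoad) -> bool:
    """True when a signed host maps a non-validly-signed DLL from its own folder."""
    # Unsigned hosts are a different problem; side-loading abuses trusted binaries
    if not ev.process_signed:
        return False
    dll_ok = ev.dll_signed and ev.dll_sig_status.lower() == "valid"
    if dll_ok:
        return False
    same_dir = _dir(ev.image) == _dir(ev.image_loaded)
    in_system = _dir(ev.image_loaded).startswith(TRUSTED_DIRS)
    return same_dir and not in_system


def find_sideloads(events) -> list[ImageLoad]:
    """Return the events that match the side-loading heuristic."""
    return [e for e in events if is_sideload_candidate(e)]


# Constructed sample events (not real telemetry); tool and DLL names are placeholders
SAMPLE_EVENTS = [
    ImageLoad(r"C:\Windows\System32\notepad.exe",
              r"C:\Windows\System32\kernel32.dll", True, True, "Valid"),
    ImageLoad(r"C:\Users\u\Downloads\signedtool.exe",
              r"C:\Users\u\Downloads\helper.dll", True, False, "Unavailable"),
    ImageLoad(r"C:\Users\u\Downloads\signedtool.exe",
              r"C:\Windows\System32\ntdll.dll", True, True, "Valid"),
    ImageLoad(r"C:\Users\u\Downloads\unsigned.exe",
              r"C:\Users\u\Downloads\helper.dll", False, False, "Unavailable"),
]


if __name__ == "__main__":
    for hit in find_sideloads(SAMPLE_EVENTS):
        print(f"side-load candidate: {hit.image} -> {hit.image_loaded}")
```

Only the second sample event is flagged: a signed host mapping an unsigned DLL from its own download folder. In a real pipeline the same heuristic runs over the Sysmon event stream, and the hits are a triage queue rather than a verdict, since some legitimate software ships unsigned helper DLLs beside a signed executable.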
For more information, please check out Check Point Research’s Release Bulletin.