Rorschach – A New Sophisticated and Fast Ransomware

Key Findings

• Check Point Research (CPR) and Check Point Incident Response Team (CPIRT) encountered a previously unnamed ransomware strain, we dubbed Rorschach, deployed against a US-based company.


• Rorschach ransomware appears to be unique, sharing no overlaps that could easily attribute it to any known ransomware strain. In addition, it does not bear any kind of branding which is a common practice among ransomware groups.


• The ransomware is partly autonomous, carrying out tasks that are usually manually performed during enterprise-wide ransomware …

addition autonomous bear branding check check point deployment domain enterprise fast findings gpo group policy incident incident response incident response team key point policy practice ransomware ransomware groups research response rorschach rorschach ransomware sharing team