An unbranded ransomware strain that recently hit a US-based company is being deployed by attackers who are misusing a tool included in a commercial security product, Check Point researchers have found. The solution in question is Palo Alto Networks’ Cortex XDR, whose Dump Service Tool the attackers appropriated and are now misusing to side-load the DLL that decrypts and injects the (newly labeled) Rorschach ransomware. Rorschach’s execution flow (Source: Check Point) The peculiarities of Rorschach … More
The post Rorschach ransomware deployed by misusing a security tool appeared first on Help Net Security.