A new ransomware operation known as Lorenz targets organizations around the world with tailored attacks demanding hundreds of thousands of dollars in ransom. The Lorenz ransomware gang started operations last month and has since accumulated a growing list of victims whose stolen data has been posted on a ransomware data leak site, as we see with most ransomware.

According to experts, the encryption of Lorenz ransomware is the same as that of a previous operation known as ThunderCrypt, but it is not yet known whether the authors are the same. What is known is that, like other human-operated ransomware attacks, Lorenz will breach a network and spread laterally to other devices until it has access to Windows domain administrator credentials.

As new types of ransomware emerge, researchers decipher some strains, but others get new variants, and it can feel like a game of cat and mouse in which proactivity is vital. As we always say, paying the ransom never guarantees that you will actually get your data back, and it could still end up for sale on the Dark Web.

Unlike other ransomware gangs, Lorenz pressures its victims to pay the ransom by making the data available for sale to other attackers or potential competitors. After a while, they start to publish password-protected RAR files containing the victim's confidential information. Finally, if the victim does not pay the ransom and the data is not purchased, Lorenz releases the password for the files so that they are publicly available to anyone who downloads them.

Unfortunately, network threats will always be present, since cybercriminals seek only their own benefit. That is why we must always be vigilant and ready to take action against them, so that we are not easy prey for these criminals.
