Lorenz Ransomware Gang Goes After Enterprises in Different Industries

High-profile ransomware gangs have been gradually shifting their focus from home users to companies and enterprises. The latest ransomware threat to adopt this approach is the Lorenz Ransomware, and, unfortunately, this file-locker appears to be impossible to crack. Just like the DarkSide Ransomware hackers, who recently attracted international attention with their attack on the US-based Colonial Pipeline, the Lorenz operators also threaten to release stolen files online if the victim does not agree to pay a ransom fee. According to researchers, Lorenz Ransomware's encryption mechanism appears to be similar to the one used by the ThunderCrypt Ransomware, another file-locker that first surfaced over two years ago.

Unfortunately, Lorenz Ransomware's operators appear to be serious about their threats to publish the victim's data online – they have already set up a website to publish the data leaks, and the data of over ten victims is listed there.

It is not clear how the Lorenz Ransomware operators are distributing the malware and ensuring that it reaches their intended victims. So far, this ransomware gang uses two extortion techniques to get money from its victims – they offer to sell a decryptor, and they threaten to leak the stolen files online. However, the criminals behind this campaign have also adopted a third method of extortion – they claim to sell access to the compromised networks. This is another reason why a victim might consider paying the ransom fee.

Allegedly, the criminals execute the Lorenz Ransomware manually on the compromised system, which may mean that they first rely on other vulnerabilities or malware to gain access to the network. The command used to launch the Lorenz Ransomware also carries configuration information for the payload – process name, ransom note name, the suffix used to mark locked files, etc. One of the victims had their files marked with the '.Lorenz.xz40' file extension.

After the attack completes, the 'HELP_SECURITY_EVENT.html' ransom note is dropped on the system. It includes a custom TOR-based payment page for each victim – one of these pages asked for about 14 Bitcoin, or around $700,000. So far, no victim has opted to pay the ransom fee, so it remains to be seen whether Lorenz Ransomware's operators will end up releasing data publicly or selling access to the compromised networks.
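The two artifacts named above (the '.Lorenz.xz40' extension and the 'HELP_SECURITY_EVENT.html' note) are what an incident responder would look for first when scoping an infection. The following triage helper is an added example, not code from the article or from any vendor; it assumes the suffix is simply appended to the original file name and runs over a constructed file listing rather than a real image.

```python
"""Triage a file listing for the Lorenz Ransomware artifacts named in the article."""
from collections import Counter
from pathlib import PurePosixPath

# Indicators taken from the article above.
ENCRYPTED_SUFFIX = ".Lorenz.xz40"
RANSOM_NOTE = "HELP_SECURITY_EVENT.html"


def triage(paths):
    """Scope a suspected Lorenz incident from a list of POSIX path strings.

    Returns the encrypted files, the original names to request from backup,
    the locations where the ransom note was dropped, and a per-directory
    count of encrypted files so the blast radius can be mapped before any
    recovery work starts on the host.
    """
    encrypted = [p for p in paths if p.endswith(ENCRYPTED_SUFFIX)]
    # Assumption: the suffix is appended to the original name, so stripping
    # it yields the file name to look for in backups.
    originals = [p[: -len(ENCRYPTED_SUFFIX)] for p in encrypted]
    notes = [p for p in paths if PurePosixPath(p).name == RANSOM_NOTE]
    per_dir = Counter(str(PurePosixPath(p).parent) for p in encrypted)
    return {
        "encrypted": encrypted,
        "originals": originals,
        "notes": notes,
        "per_dir": dict(per_dir),
        # Both artifacts together are a much stronger signal than either alone.
        "likely_lorenz": bool(encrypted) and bool(notes),
    }


# Constructed sample listing for demonstration; not from a real incident.
SAMPLE = [
    "/srv/share/finance/q1.xlsx.Lorenz.xz40",
    "/srv/share/finance/q2.xlsx.Lorenz.xz40",
    "/srv/share/finance/HELP_SECURITY_EVENT.html",
    "/srv/share/hr/policy.docx.Lorenz.xz40",
    "/srv/share/public/readme.txt",
    "/srv/share/public/HELP_SECURITY_EVENT.html",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for directory, count in sorted(result["per_dir"].items()):
        print(f"{directory}: {count} encrypted file(s)")
    print("ransom notes at:", result["notes"])
    print("likely Lorenz:", result["likely_lorenz"])
```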

May 17, 2021