Lorenz Ransomware Group Attacks Two New Targets

By Alex Popa . 15 September 2023

Cybersecurity Journalist

On September 12th, 2023, the Lorenz ransomware group added two new victims to their Dark Web portal. The victims are Dee Sign Co. and BF&S Civil Engineers. The hackers provided a few samples from the stolen data on their portal.

Highlights:

The affected companies are Dee Sign Co., a company selling real estate signs, and BF&S Civil Engineers, a civil engineering company
The hacker group posted samples from the stolen data on their dark web portal
It is thought that the Lorenz ransomware has design and implementation flaws that make it impossible to decrypt with the decrypting tools provided by the attackers
It is not yet known whether the two companies were provided with a ransom note, whether they paid it, or whether they managed to decrypt their files

The data breach resulted in the two companies losing sensitive information to the hacker group. As of this moment, it is unclear how much information was lost or the type of impact it has on private or corporate entities.

Lorenz Ransomware Group

https://twitter.com/FalconFeedsio/status/1701598971800777029

The two companies affected by this data breach are not newcomers to the market. They’ve been around for multiple decades, which makes them prime targets for hackers such as the Lorenz group.

Who Is the Lorenz Group?

The Lorenz group came into the public eye sometimes in 2021, when Michael Gillspie of ID Ransomware talked to BleepingComputer about the Lorenz ransomware. Apparently, this was a variation of the previous ThunderCrypt.

On their official Dark Web site, they had listed 12 victims back in 2021. Right now, there should be many more.

The group acts a little different compared to other similar ransomware groups:

They being the infiltration a couple of months in advance, spreading laterally until they hijack a large portion of the victim’s systems 
They publish the data on a dedicated data leak site
They put the data up for sale to pressure the victim into paying the ransom. Over time, the group releases password-protected RAR archives that contain the victim’s data
If the ransom is not paid and no one buys the data, then Lorenz releases all the stolen files publicly, and anyone can access them
Lorenz also sells access to the victim’s internal network

The Lorenz group have already established themselves as a highly-dangerous threat actor in the online space. They’ve targeted organizations all over the world, demanding payments ranged from $500,000 to $700,000.

However, there was a period when Lorenz ransomware demanded multi-million-dollar ransom demands.

One thing is clear – Lorenz poses an ever-increasing risk to online companies, and their reputation is quickly growing out of proportions.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Technology Analyst & Data Privacy Journalist Alex is an avid proponent of informational security and data privacy. Given how easily online information disseminates and how cybercriminals are always stepping up their game, self-security becomes a necessity. Alex has direct experience with many tools of the trade like 1Password, YubiKey, Ledger, VPNs, and he has an evergreen interest in emerging security technologies. Which is to say he’s geeking out on them a lot. You’ll often find him reading up on cybersecurity stats or the latest ransomware attacks, staying up-to-date with the evolution of informational security and infiltration tactics. Alex is also an experienced journalist, which makes him great at putting tech-savvy and complex topics into easy-to-understand guides and reports.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

Lorenz Ransomware Group Attacks Two New Targets: BF&S Civil Engineers and Dee Sign Co.

Who Is the Lorenz Group?

Our Mission

Alex Popa

Leave a Comment Cancel