A new ransomware, Lorenz, is making the rounds

A new ransomware gang has been detected targeting various organizations globally with customized attacks. The ransomware is dubbed Lorenz, and it started its operation last month. It has built up a growing list of victims since then.

What has happened?

Researchers have found that this ransomware is almost the same as another ransomware named ThunderCrypt. However, they are not sure whether Lorenz was created by the same group or the source code of ThunderCrypt was purchased by someone else.

  • Lorenz starts by breaching the organization's network and then spreads laterally to other devices until it gains access to the credentials of a Windows domain administrator.
  • The ransomware collects information while spreading through the system and uploads it to a remote server.
  • The operators practice double extortion: they upload the stolen data to dedicated data leak sites and pressure the victim to pay the ransom. The data can also be bought by other threat actors.

New way of leaking the stolen data

Lorenz has devised an innovative trick to pressure the victim into paying the ransom:

  • The threat actors put the stolen data up for sale by releasing password-protected data leak archives containing the victim's data.
  • If no ransom is paid or the stolen data is not purchased by anyone, they make the data publicly available by releasing the password for the archive.
  • They also sell access to the victim's network along with the data, which can sometimes be more useful.


This new ransomware is spreading fast, with high ransom demands and customized attacks. Its operators also sell access to breached networks. It is therefore important for security professionals to keep an eye out for this kind of threat.

By Hrithik Lall
