Close

Get in Touch

Contact us to learn more about our elite cybersecurity services and industry-leading technologies.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Close
Breachquest

Emergency Incident Assistance

Is your network under attack? Get in touch with a
BreachQuest Specialist right away with this form.

You can also reach us by calling our 24/7 hotline.

+1 888 409 5811

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You can also reach us by calling our 24/7 hotline.

+1 888 409 5811

Lorenz

First seen around May 2021, this group has since been targeting enterprise organizations worldwide, using a double extortion technique utilizing a data leak site (“DLS”) to house victims’ stolen and exposed data. If no ransom is paid after all the victims’ data is leaked as password-protected RAR archives, the group will release the password to access the archives to make the stolen files publicly available to anyone who wishes to download and view the stolen data. Following an analysis of the group’s malware, researchers at Dutch cybersecurity company Tesorion developed a decryption tool for this group’s ransomware that sometimes can decrypt files affected by Lorenz without paying a ransom. According to online sources, this group appears to be a variant of the ThunderCrypt ransomware group. However, it is not confirmed if Lorenz is the same group or may have purchased the ransomware source code to build its own variant.

Go Back Go to Glossary index
Share this article:

Sign up for our newsletter to get more industry news and insights.

Related Resources

Lorenz ransomware: analysis and a free decryptor

Learn more