lorenz
1 incident
0 countries
0 sectors
ransomware Latest: 2026-06-25
Lorenz is a financially motivated ransomware group first observed in February 2021. It is believed to be a rebranding of the sZ40 ransomware, which emerged in October 2020, and potentially shares code with ThunderCrypt ransomware from May 2017. Lorenz operates with human interaction, customizing its attacks for each target, and is known for its unique multi-stage double extortion model. This model involves exfiltrating data, then attempting to sell it to other threat actors or competitors before eventually publishing password-protected archives, and ultimately releasing the passwords publicly if ransom demands remain unmet. The group engages in "big-game hunting," primarily targeting larger organizations for significant ransom payments, typically ranging from $500,000 to $700,000, and sometimes millions.
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Target countries (SOCRadar)
United Arab Emirates
Argentina
Austria
Australia
Belgium
Brazil
Canada
Chile
China
Germany
Target sectors (SOCRadar)
Construction of Buildings
Food Manufacturing
Other Information Services
Real Estate
Hospitals
Enterprises & Holding
Accommodation
Manufacturing
Construction
Electrical Equipment, Appliance, and Component Manufacturing
New URLs detected in IntelTracker