Security News > 2022 > September > Lorenz ransomware breaches corporate network via phone systems
The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises, using their phone systems for initial access to their corporate networks.
While these incidents weren't linked to a specific ransomware gang, Arctic Wold Labs was able to attribute similar malicious activity to the Lorenz gang with high confidence.
The Lorenz ransomware group has been targeting enterprise organizations worldwide since at least December 2020, demanding hundreds of thousands of dollars in ransom from each victim.
Michael Gillespie of ID Ransomware has told BleepingComputer that the Lorenz encryptor is the same as the one used by a previous ransomware operation known as ThunderCrypt.
If ransoms aren't paid after leaking the stolen data as password-protected RAR archives, Lorenz also releases the password to access the leaked archives to provide public access to the stolen files.
In June 2021, Dutch cybersecurity firm Tesorion released a free Lorenz ransomware decryptor that can be used to recover some file types, including Office documents, PDF files, images, and videos.