Patch your Mitel VoIP systems, Lorenz ransomware gang is back on the prowl
The Lorenz ransomware gang is exploiting a vulnerability in Mitel VoIP appliances to break into corporate networks.
Threat hunters with cybersecurity firm Arctic Wolf Labs recently found that Lorenz - a prolific group that has been around since at least early 2021 and lately is primarily targeting SMBs in the US, China, and Mexico - used a vulnerability in a MiVoice VoIP appliance from Mitel to get into a victim's network before deploying Microsoft's BitLocker Drive Encryption tool to encrypt the data.
Like many ransomware groups, Lorenz uses a double-extortion method, exfiltrating the victim's data before encrypting the systems and threatening to publicly disclose the data if the ransom isn't paid.
The Lorenz attackers initially got into the targeted company's network by exploiting a remote code execution vulnerability in a Mitel appliance on the network's perimeter.
While they didn't believe a large number of the Mitel devices were exposed to the internet or that the flaw was being targeted in wide-scale ransomware campaigns, "we are conscious of the fact that the proliferation of ransomware in general has continued to shape risk models for many organizations and that network perimeter devices are tempting targets for a variety of attackers," they wrote.
The increased targeting of VoIP appliances "will force organizations to treat all hackable devices the same from an InfoSec perspective," IoT security shop Viakoo's CEO Bud Broomhead told The Register.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/09/13/lorenz_ransomware_mitel_voip/