lorenz attacks Bonneville

Incident Date:

June 27, 2022

World map



lorenz attacks Bonneville






Ogden, USA

Utah, USA

First Reported

June 27, 2022

Bonneville Collections Suffers Ransomware Attack

Company Overview

Bonneville Collections, a debt recovery agency with a history dating back to 1980, has been targeted by the ransomware group Lorenz. The attack was announced on the group's dark web leak site. Bonneville Collections is a member of ACA International, the largest consortium of collection agencies in the U.S. They participate in several ACA programs, including the Healthcare Services Program, the Internet & Check Services Program, and the Government Services Program. The company also holds memberships in various state and local chambers of commerce in the states they operate.


The specific vulnerabilities that led to the ransomware attack on Bonneville Collections have not been publicly disclosed. Nonetheless, ransomware attacks frequently exploit software weaknesses, outdated systems, or human errors, such as phishing emails or inadequately secured remote access points.


Ransomware attacks can significantly disrupt a company's operations by encrypting data and demanding payment for the decryption key. The financial and reputational repercussions can be profound, with recovery often being a protracted and expensive endeavor.


The response to a ransomware attack typically includes isolating the compromised systems, evaluating the damage's scope, and determining whether to pay the ransom or attempt data recovery independently. In certain instances, law enforcement agencies may offer assistance in identifying and apprehending the perpetrators.

The ransomware attack on Bonneville Collections underscores the persistent threat posed by cybercriminals. It is imperative for companies to maintain vigilance and adopt comprehensive cybersecurity measures to mitigate the risk of such attacks.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.