Lorenz attacks Gresco
Incident Date: July 13, 2022
Overview
Victim: Gresco
Attacker: Lorenz
Location:
First Reported: July 13, 2022
Gresco, a Player in the Energy, Utilities & Waste Sector, Targeted by Lorenz Ransomware Group
Gresco, a company that offers a variety of cost-effective solutions and services to improve operational efficiency and minimize costs, has been targeted by the Lorenz ransomware group. The company operates in the Energy, Utilities & Waste sector and has a network of strategically located warehouses to serve customers in new and emerging markets throughout the US.
Company Size and Unique Selling Proposition
Gresco is a company that strives to build relationships with its industry partners, offering a vast, readily available inventory, added-value services, and on-site assistance to meet and exceed customer expectations. The company's unique selling proposition is its commitment to understanding its customers' needs and exceeding their expectations, making it a valuable partner in the Energy, Utilities & Waste sector.
Vulnerabilities and Targeting
The Lorenz ransomware group targeted Gresco by exploiting a vulnerability in the Mitel Service Appliance component of MiVoice Connect, specifically CVE-2022-29499, a remote code execution vulnerability. This vulnerability allowed the attackers to obtain a reverse shell and subsequently use Chisel as a tunneling tool to pivot into the environment. The attackers also employed a high degree of Operational Security (OPSEC) and used Living Off the Land Binaries (LOLBins) to gain access to 0day exploits.
Mitigation Strategies
To mitigate the risk of ransomware attacks, organizations should implement logical network segmentation based on privileges, limit a threat actor's ability to move laterally, and monitor all externally facing devices for potential malicious activity, including VoIP and IoT devices. Additionally, implementing a robust incident response plan and regularly updating software and security protocols can help prevent and mitigate the impact of ransomware attacks.