Lorenz attacks MagTek

Incident Date:

May 19, 2022

Overview

Victim

Magtek

Attacker

Lorenz

Location

California, USA

First Reported

May 19, 2022

MagTek, a Leading Provider of Payments and Identification Technology, Targeted by Lorenz Ransomware Group

Company Overview

MagTek is a company that specializes in providing secure payment and identity solutions. They offer a range of products, including secure card reader authenticators, check scanners, and PIN devices. MagTek also provides secure eCommerce and hosted payment pages with dynamic encryption, tokenization, and authentication. The company's Magensa Web Services offer a wide variety of payment options, including in-app payments, subscriptions, rewards, and loyalty programs.

Vulnerabilities and Targeting

The specific vulnerabilities that led to the Lorenz ransomware group's successful attack on MagTek are not identified in the available reporting. However, the Lorenz group has been observed using a variety of tactics, techniques, and procedures (TTPs) to bypass security controls. In one case, they leveraged a compromised VPN account to regain access to the victim's environment and execute their attack.

Lorenz Ransomware Group

The Lorenz ransomware group has been active in exploiting vulnerabilities and bypassing security controls to carry out their attacks. They have been known to use tools like Magnet RAM Capture to bypass endpoint detection and response (EDR) systems. The group has also been observed using a Linux variant of NerbianRAT malware, which is capable of running Linux commands and supports various actions.

Impact and Response

The impact of the ransomware attack on MagTek is not detailed in the available reporting. However, the Lorenz group has been known to exfiltrate data and demand ransom payments from its victims. Organizations should take steps to mitigate the risk of ransomware attacks, such as implementing robust security controls, regularly updating software and systems, and educating employees about cybersecurity best practices.
