Lorenz attacks Tosoh Bioscience LLC
Incident Date: May 4, 2022
Overview
Title: Lorenz attacks Tosoh Bioscience LLC
Victim: Tosoh Bioscience LLC
Attacker: Lorenz
Location:
First Reported: May 4, 2022
Tosoh Bioscience LLC Targeted by Lorenz Ransomware Group
Tosoh Bioscience LLC, a subsidiary of Tosoh Corporation, has been targeted by the Lorenz ransomware group. The company operates in the manufacturing sector and is known for its contributions to monitoring life-threatening diseases and certain cancers, preventing epidemics, purifying water, monitoring the environment, and improving living conditions worldwide.
Company Size and Industry Standing
Tosoh Bioscience LLC is part of Tosoh Corporation, a global company with a wide range of products and services. The company's website showcases its commitment to innovation and quality, offering a variety of specialty products and services in the analytical HPLC columns, chromatographic resins, and GPC instruments sectors.
Vulnerabilities and Targeting
The Lorenz ransomware group has been active since at least February 2021 and primarily targets small and medium businesses (SMBs). The group employs double-extortion tactics: it exfiltrates sensitive data before encrypting systems, then threatens to sell or publicly release that data unless a ransom is paid. In the case of Tosoh Bioscience LLC, the attackers gained access to the company's network and stole unencrypted files from servers, which were then uploaded to the internet for further ransom schemes or sold on the web.
Ransomware Attack Details
The Lorenz ransomware group uses AES encryption and relies on an embedded RSA key to encrypt the AES encryption key. Victims receive a dedicated Tor payment site where they can pay the ransom in Bitcoin. The group has been known to issue specific commands from the local network's domain controller, and it uses DLL encryption with the current epoch time as the seed for a random number generator.
Mitigation Strategies
To mitigate the risk of ransomware attacks, organizations should implement logical network segmentation based on privileges, restrict domain administrators from logging into workstations, and monitor all externally facing devices, including VoIP and IoT devices, for potential malicious activity. Continuous monitoring and analysis are crucial to stay ahead of evolving ransomware tactics.
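One way to verify the "restrict domain administrators from logging into workstations" control against logon telemetry, as an added example that is not part of the original page. The account names, hostnames and the simplified JSON record layout (carrying Windows Security event 4624 fields) are assumptions, and the sample events are constructed.

```python
import json

# Constructed sample: simplified records carrying the Windows Security
# event 4624 (successful logon) fields this check needs. Hostnames,
# accounts and addresses are invented for illustration.
SAMPLE_EVENTS = """\
{"EventID": 4624, "Computer": "DC01.corp.example", "TargetUserName": "adm-jlee", "LogonType": 10, "IpAddress": "10.0.0.5"}
{"EventID": 4624, "Computer": "WS-114.corp.example", "TargetUserName": "adm-jlee", "LogonType": 10, "IpAddress": "10.0.3.20"}
{"EventID": 4624, "Computer": "WS-114.corp.example", "TargetUserName": "mgarcia", "LogonType": 2, "IpAddress": "-"}
{"EventID": 4624, "Computer": "WS-207.corp.example", "TargetUserName": "ADM-JLEE", "LogonType": 3, "IpAddress": "10.0.0.5"}
{"EventID": 4634, "Computer": "WS-114.corp.example", "TargetUserName": "adm-jlee", "LogonType": 10, "IpAddress": "-"}
{"EventID": 4624, "Computer": "ws-301.corp.example", "TargetUserName": "adm-root", "LogonType": 2, "IpAddress": "-"}
not-json garbage line
"""

# Assumed inventory: members of Domain Admins and the tier-0 hosts
# (domain controllers) where those accounts are allowed to log on.
DOMAIN_ADMINS = {"adm-jlee", "adm-root"}
TIER0_HOSTS = {"dc01.corp.example", "dc02.corp.example"}

# Interactive-style logon types this check treats as violations:
# 2 interactive, 10 remote interactive (RDP), 11 cached interactive.
# Network logons (type 3) are deliberately ignored here.
INTERACTIVE_TYPES = {2, 10, 11}

def find_admin_logons_outside_tier0(lines):
    """Return (host, user, logon_type) for each policy violation."""
    findings = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records rather than abort the audit
        if not isinstance(ev, dict) or ev.get("EventID") != 4624:
            continue  # only successful logons are relevant
        user = str(ev.get("TargetUserName", "")).lower()
        host = str(ev.get("Computer", "")).lower()
        if (user in DOMAIN_ADMINS and host not in TIER0_HOSTS
                and ev.get("LogonType") in INTERACTIVE_TYPES):
            findings.append((host, user, ev["LogonType"]))
    return findings

if __name__ == "__main__":
    for host, user, ltype in find_admin_logons_outside_tier0(SAMPLE_EVENTS.splitlines()):
        print(f"ALERT domain admin {user} logon type {ltype} on {host}")
```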
Sources
- Tosoh Bioscience LLC Website: https://www.tosohbioscience.com/
- Cybereason vs. Lorenz Ransomware: https://www.cybereason.com/blog/research/cybereason-vs.-lorenz-ransomware
- Lorenz Ransomware Details: https://www.ransomlook.io/group/lorenz
- Lorenz Ransomware, a New Double Extortion Strategy: https://www.cybertalk.org/the-worst-outcomes-lorenz-ransomware-a-new-double-extortion-strategy/
- Unmasking Lorenz Ransomware: A Dive into Recent Tactics, Techniques and Procedures: https://research.nccgroup.com/2024/02/22/unmasking-lorenz-ransomware-a-dive-into-recent-tactics-techniques-and-procedures/
- Lorenz Ransomware Group Cracks MiVoice And Calls Back For Free: https://arcticwolf.com/resources/blog/lorenz-ransomware-chiseling-in/