Lorenz attacks Tosoh Bioscience LLC

Incident Date:

May 4, 2022


Overview

Title

Lorenz attacks Tosoh Bioscience LLC

Victim

Tosoh Bioscience LLC

Attacker

Lorenz

Location

King of Prussia, USA

Philadelphia, USA

First Reported

May 4, 2022

Tosoh Bioscience LLC Targeted by Lorenz Ransomware Group

Tosoh Bioscience LLC, a subsidiary of Tosoh Corporation, has been targeted by the Lorenz ransomware group. The company operates in the manufacturing sector and is known for its contributions to monitoring life-threatening diseases and certain cancers, preventing epidemics, purifying water, monitoring the environment, and improving living conditions worldwide.

Company Size and Industry Standing

Tosoh Bioscience LLC is part of Tosoh Corporation, a global company with a wide range of products and services. The company's website showcases its commitment to innovation and quality, offering a variety of specialty products and services in the analytical HPLC column, chromatographic resin, and GPC instrument sectors.

Vulnerabilities and Targeting

The Lorenz ransomware group has been active since at least February 2021 and primarily targets small and medium-sized businesses (SMBs). It uses double extortion: sensitive data is exfiltrated before systems are encrypted, and the group threatens to sell or publish that data unless a ransom is paid. In the case of Tosoh Bioscience LLC, the attackers gained access to the company's network and stole unencrypted files from its servers, which were then uploaded to the internet for further ransom schemes or offered for sale.

Ransomware Attack Details

Lorenz encrypts files with AES and uses an embedded RSA key to encrypt the AES encryption key. Each victim receives a dedicated Tor payment site through which the ransom is paid in Bitcoin. The group has been observed issuing commands from the local network's domain controller, and its DLL encryption uses the current epoch time as the seed for a random number generator.

Mitigation Strategies

To reduce the risk of ransomware attacks, organizations should segment the network logically by privilege level, prevent domain administrators from logging into workstations, and monitor every externally facing device, including VoIP and IoT devices, for malicious activity. Continuous monitoring and analysis are essential to keep pace with evolving ransomware tactics.
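The control "domain administrators must not log into workstations" is only useful if it is checked. The following is an added example (not code from this page or from the RRA site) that scans Windows Security logon events (Event ID 4624) and flags interactive or RDP logons by privileged accounts onto workstations. The admin group membership, the `WS-`/`SRV-`/`DC-` host naming convention and the `key=value` event records are all constructed assumptions for illustration; in practice the account list would come from Active Directory and the events from a SIEM export.

```python
"""Flag privileged-account logons to workstations in Windows Security
event records (Event ID 4624). Added example; the event records, the
admin list and the host naming convention below are constructed, not
data from the incident described on this page."""
from dataclasses import dataclass

# Constructed: members of Domain Admins (in practice, pulled from AD).
DOMAIN_ADMINS = {"CORP\\da-alice", "CORP\\da-bob"}

# Logon types that place reusable credentials on the target host.
# 2 = Interactive (console), 10 = RemoteInteractive (RDP),
# 11 = CachedInteractive. Network (3) and batch (4) logons are not flagged.
INTERACTIVE_LOGON_TYPES = {2, 10, 11}


@dataclass
class LogonEvent:
    event_id: int
    logon_type: int
    account: str
    host: str


def is_workstation(host: str) -> bool:
    """Constructed naming convention: workstations are WS-*, servers SRV-*/DC-*."""
    return host.upper().startswith("WS-")


def parse_event(line: str) -> LogonEvent:
    """Parse one constructed 'key=value' event record (one event per line)."""
    fields = dict(part.split("=", 1) for part in line.split())
    return LogonEvent(
        event_id=int(fields["EventID"]),
        logon_type=int(fields["LogonType"]),
        account=fields["Account"],
        host=fields["Host"],
    )


def find_admin_workstation_logons(lines):
    """Return (account, host, logon_type) for every successful interactive
    logon by a Domain Admin account onto a workstation."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.event_id != 4624 or ev.logon_type not in INTERACTIVE_LOGON_TYPES:
            continue
        if ev.account in DOMAIN_ADMINS and is_workstation(ev.host):
            findings.append((ev.account, ev.host, ev.logon_type))
    return findings


# Constructed sample events covering the cases the rule must distinguish.
SAMPLE_EVENTS = [
    "EventID=4624 LogonType=10 Account=CORP\\da-alice Host=WS-FIN-012",  # RDP by DA to workstation: flag
    "EventID=4624 LogonType=3 Account=CORP\\da-alice Host=WS-FIN-012",   # network logon: not flagged
    "EventID=4624 LogonType=2 Account=CORP\\jdoe Host=WS-FIN-012",       # ordinary user: fine
    "EventID=4624 LogonType=2 Account=CORP\\da-bob Host=DC-01",          # DA on a DC: expected
    "EventID=4625 LogonType=2 Account=CORP\\da-bob Host=WS-HR-003",      # failed logon: different event
    "EventID=4624 LogonType=2 Account=CORP\\da-bob Host=WS-HR-003",      # console logon by DA: flag
]

if __name__ == "__main__":
    for account, host, ltype in find_admin_workstation_logons(SAMPLE_EVENTS):
        print(f"ALERT: {account} logged on interactively (type {ltype}) to workstation {host}")
```

Network logons (type 3) are deliberately excluded because they do not leave reusable credentials on the workstation; the point of the control is to keep domain-admin credentials off machines that are exposed to phishing and commodity malware. A real deployment would also want to tune the host classification, since a misnamed workstation would silently escape the rule.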

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
