SkuggaheimarRansomwareLorenz
LORENZ
RANSOMWARE
EXTORTION
RansomwareThreat IntelligenceMarch 24, 2025

Lorenz Ransomware Group

Lorenz is a exploits Mitel VoIP vulnerabilities for initial access. This profile covers the group's operations, tactics, known campaigns, and defensive recommendations.

Lorenz is a exploits Mitel VoIP vulnerabilities for initial access. This profile covers the group's operations, tactics, known campaigns, and defensive recommendations. This report provides Mjolnir Security's analysis of the group's operations, extortion model, known targeting, and recommended defenses.

Overview

Lorenz is a ransomware and/or data extortion operation tracked by Mjolnir Security. The group maintains a presence on the dark web where victim data is published to pressure payment. Operations typically involve double extortion: encrypting victim systems and threatening to leak stolen data.

Threat Level

Lorenz is an active ransomware/extortion threat. Organizations should review their ransomware readiness posture and ensure backup, detection, and incident response capabilities are current.

Tactics & Techniques

Common MITRE ATT&CK techniques observed in ransomware operations like Lorenz:

TechniqueDescription
T1486Data Encrypted for Impact
T1490Inhibit System Recovery
T1078Valid Accounts
T1059.001PowerShell Execution
T1567.002Exfiltration to Cloud Storage

Detection & Defense

Recommended defenses against Lorenz and similar ransomware groups:

How Mjolnir Security Can Help

Ransomware Defense & Response

Mjolnir Security provides ransomware readiness assessments, incident response, and threat intelligence to help organizations defend against extortion threats.

Ransomware Readiness Incident Response Threat Intelligence Red Team Assessment

Contact us: mjolnirsecurity.com

Written by: Mjolnir Security  |  Published: March 24, 2025
Related Reports
Ransomware Hub

All Ransomware Profiles

View All →
Threat Library

Full Threat Intelligence Catalog

Browse →