SentinelOne Vs. Lorenz Ransomware – Prevention and Detection

Lorenz Ransomware was initially observed in early (January/February of 2021). Over time, the ransomware has evolved to align itself (feature-wise) with other more well-known contemporaries. Lorenz operators embrace the multi-pronged extortion approach, and they host a blog with victim names and leaked data (for those that fail to “comply”).

Initial delivery of the ransomware is often handled via 3rd party framework, once persistence in the target environment has been established. Lorenz campaigns tend to be highly specific and well researched. Similar to other ransomware families, Lorenz will attempt to inhibit system recovery by destroying Volume Shadow Copies. This is in addition to other system modifications.

#cybersecurity #infosec #ransomware #lorenz