Unmasking Lorenz Ransomware: A Dive into Recent Tactics, Techniques and Procedures
released on 2024-02-23 @ 08:35:14 AM
Recent investigations by NCC Group’s Digital Forensics and Incident Response (DFIR) Team in APAC have uncovered significant deviations in Lorenz’s Tactics, Techniques, and Procedures (TTPs), shedding light on the group’s evolving strategies. Key TTP changes include a new encryption extension, random strings for file and task names, binaries for persistence, scheduled tasks for enumeration, and a new encryption method using predictable seeds.