Attack Overview
VICTIM: Gresco
INDUSTRY: Energy, Utilities & Waste
LOCATION: USA
ATTACKER: Lorenz
FIRST REPORTED: July 13, 2022

Gresco, a Player in the Energy, Utilities & Waste Sector, Targeted by Lorenz Ransomware Group

Gresco, a company that offers a variety of cost-effective solutions and services to improve operational efficiency and minimize costs, has been targeted by the Lorenz ransomware group. The company operates in the Energy, Utilities & Waste sector and has a network of strategically located warehouses to serve customers in new and emerging markets throughout the US.

Company Size and Unique Selling Proposition

Gresco is a company that strives to build relationships with its industry partners, offering a vast, readily available inventory, added-value services, and on-site assistance to meet and exceed customer expectations. The company's unique selling proposition is its commitment to understanding its customers' needs and exceeding their expectations, making it a valuable partner in the Energy, Utilities & Waste sector.

Vulnerabilities and Targeting

The Lorenz ransomware group targeted Gresco by exploiting a vulnerability in the Mitel Service Appliance component of MiVoice Connect, specifically CVE-2022-29499, a remote code execution vulnerability. This vulnerability allowed the attackers to obtain a reverse shell and subsequently use Chisel as a tunneling tool to pivot into the environment. The attackers also employed a high degree of Operational Security (OPSEC) and used Living Off the Land Binaries (LOLBins) to gain access to 0day exploits.

Mitigation Strategies

To mitigate the risk of ransomware attacks, organizations should implement logical network segmentation based on privileges, limit a threat actor's ability to move laterally, and monitor all externally facing devices for potential malicious activity, including VoIP and IoT devices. Additionally, implementing a robust incident response plan and regularly updating software and security protocols can help prevent and mitigate the impact of ransomware attacks.
