Lorenz attacks Laddawn Inc
Laddawn Inc. Suffers Ransomware Attack by Lorenz Group
Laddawn Inc., a subsidiary of Berry Global Company, recently fell victim to a ransomware attack orchestrated by the Lorenz group. Laddawn has been operational since 1996, boasting ISO 9001 registration and a reputation for precision and philanthropy, notably donating $1 for every online order exceeding $100.
The Lorenz ransomware group, active since February 2021, predominantly preys on small and medium-sized businesses (SMBs) within the United States, though it has also targeted entities in China and Mexico. This group employs a double-extortion scheme, initially exfiltrating data before encrypting the victim's systems and subsequently threatening to sell or publicly release the data unless a ransom is paid.
This incident underscores a growing trend among ransomware groups to target less conspicuous or less closely monitored assets, thereby evading detection. In Laddawn's case, the attackers exploited a vulnerability in the Mitel MiVoice VoIP appliance (CVE-2022-29499) to facilitate initial access.
To counteract the threat of ransomware, it is imperative for organizations to adopt a comprehensive security strategy. This includes deploying anti-malware solutions, conducting regular security audits, educating employees on cybersecurity best practices, and establishing a solid backup and recovery protocol.
Sources
- Laddawn Inc. Website: https://www.laddawn.com
- Arctic Wolf Labs: Lorenz Ransomware Cracks MiVoice and Calls Back for Free: https://arcticwolf.com/resources/blog/lorenz-ransomware-chiseling-in/
- CyberTalk.org: Lorenz Ransomware, a new double-extortion strategy: https://www.cybertalk.org/the-worst-outcomes-lorenz-ransomware-a-new-double-extortion-strategy/
- SentinelOne: Lorenz Ransomware: In-Depth Analysis, Detection, and Mitigation: https://www.sentinelone.com/anthology/lorenz/