MagTek, a Leading Provider of Payments and Identification Technology, Targeted by Lorenz Ransomware Group

Company Overview

MagTek is a company that specializes in providing secure payment and identity solutions. They offer a range of products, including secure card reader authenticators, check scanners, and PIN devices. MagTek also provides secure eCommerce and hosted payment pages with dynamic encryption, tokenization, and authentication. The company's Magensa Web Services offer a wide variety of payment options, including in-app payments, subscriptions, rewards, and loyalty programs.

Vulnerabilities and Targeting

The specific vulnerabilities that led to the successful attack on MagTek by the Lorenz ransomware group are not mentioned in the provided search results. However, it is known that the Lorenz group has been observed using a variety of tactics, techniques, and procedures (TTPs) to bypass security controls. In one case, they leveraged a compromised VPN account to regain access to the victim's environment and execute their attack.

Lorenz Ransomware Group

The Lorenz ransomware group has been active in exploiting vulnerabilities and bypassing security controls to carry out their attacks. They have been known to use tools like Magnet RAM Capture to bypass endpoint detection and response (EDR) systems. The group has also been observed using a Linux variant of NerbianRAT malware, which is capable of running Linux commands and supports various actions.

Impact and Response

The impact of the ransomware attack on MagTek is not detailed in the search results. However, it is mentioned that the Lorenz group has been known to exfiltrate data and demand ransom payments from their victims. It is recommended that organizations take steps to mitigate the risks of ransomware attacks, such as implementing robust security controls, regularly updating software and systems, and educating employees about cybersecurity best practices.

Sources

• MagTek
• SecurityAffairs
• Ransomwatch
• Arctic Wolf