Durham Constabulary have issued the advice below following a ransomware attack on a Newcastle law firm.
Cyber Alert to Law firms following a recent cyber attack on a law firm.
Lorenz is a highly sophisticated threat group that tailors malware and toolsets for targeted attacks on organisations around the globe.
Lorenz ransomware is human-operated. Like most attacks carried out with such ransomware, after a network is breached, the threat actors will spread laterally to other devices until they obtain access to Windows domain administrator credentials.
Lorenz looks to encrypt data, extract data from the victim network, and publish the breach on leak sites.
Consider where your business-critical and sensitive data is stored. Consider encryption of data in transit and data at rest.
Review your patch management strategy. Make sure both business-critical and non-critical systems are up to date.
Review your backup schedule. Keep offline, secure backups of business-critical data.
Remind staff to be vigilant to phishing and spear-phishing attempts.
Indicators of Compromise and a Decryption Key are available for Lorenz at https://www.nomoreransom.org/en/decryption-tools.html
For more information, visit Mitigating malware and ransomware attacks - NCSC.GOV.UK