The Lorenz ransomware gang began operating last month and has amassed a growing list of victims whose stolen data has been published on a data leak site. Lorenz will breach a network and spread laterally to other devices until they gain access to Windows domain administrator credentials. The gang sells the stolen data to other threat actors or competitors. It is not clear if Lorenz is the same group or purchased the source code to create its own variant. Each victim has a dedicated Tor payment site that includes the ransom demand in Bitcoin and a chat form.
Source: https://www.bleepingcomputer.com/news/security/meet-lorenz-a-new-ransomware-gang-targeting-the-enterprise/