Lorenz ransomware gang stolen files from defense contractor Hensoldt

German multinational defense contractor Hensoldt confirmed to that some of its systems were infected by Lorenz ransomware.

Hensoldt, a multinational defense contractor, confirmed that some of its UK subsidiary’s systems were infected with Lorenz ransomware. This week a Hensholdt spokesperson confirmed the security breach to BleepingComputer explaining that a small number of mobile devices in its UK subsidiary has been affected.

The Lorenz ransomware gang has been active since April and hit multiple organizations worldwide demanding hundreds of thousands of dollars in ransoms to the victims.

Like other ransomware gangs, Lorenz operators also implement double-extortion model by stealing data before encrypting it and threatening them if the victim doesn’t pay the ransom. Ransom demands have been quite high, between $500.000 and $700.000.

Hensoldt AG focuses on sensor technologies for protection and surveillance missions in the defence, security and aerospace sectors. The company is listed on the Frankfurt Stock Exchange, its main product areas are radar, optoelectronics, and avionics.

The defense multinational develops sensor solutions for defense, aerospace, and security applications, is listed on the Frankfurt Stock Exchange, its revenue was 1.2 billion euros in 2020.

The company has classified and sensitive contracts with the US government, its products include and equip tanks, helicopter platforms, submarines, Littoral Combat Ships among others.

The Lorenz ransomware gang has already added the company name of the compromised organizations on its Tor leak site.

At the time of this writing, the ransomware group claims to have already uploaded 95% of all stolen files to its leak site.

The gang labeled the archive file as “Paid,” this means that the Hensoldt one someone else has paid to avoid the files being leaked.

Researchers from cybersecurity firm Tesorion analyzed the Lorenz ransomware and developed a decryptor that in some cases could allow victims to decrypt their files for free.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Hensoldt)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.