Lorenz ransomware gang stolen files from defense contractor Hensoldt

German multinational defense contractor Hensoldt confirmed to that some of its systems were infected by Lorenz ransomware.

Hensoldt, a multinational defense contractor, confirmed that some of its UK subsidiary’s systems were infected with Lorenz ransomware. This week a Hensholdt spokesperson confirmed the security breach to BleepingComputer explaining that a small number of mobile devices in its UK subsidiary has been affected.

The Lorenz ransomware gang has been active since April and hit multiple organizations worldwide demanding hundreds of thousands of dollars in ransoms to the victims.

Like other ransomware gangs, Lorenz operators also implement double-extortion model by stealing data before encrypting it and threatening them if the victim doesn’t pay the ransom. Ransom demands have been quite high, between $500.000 and $700.000.

Hensoldt AG focuses on sensor technologies for protection and surveillance missions in the defence, security and aerospace sectors. The company is listed on the Frankfurt Stock Exchange, its main product areas are radar, optoelectronics, and avionics.

The defense multinational develops sensor solutions for defense, aerospace, and security applications, is listed on the Frankfurt Stock Exchange, its revenue was 1.2 billion euros in 2020.

The company has classified and sensitive contracts with the US government, its products include and equip tanks, helicopter platforms, submarines, Littoral Combat Ships among others.

The Lorenz ransomware gang has already added the company name of the compromised organizations on its Tor leak site.

At the time of this writing, the ransomware group claims to have already uploaded 95% of all stolen files to its leak site.

The gang labeled the archive file as “Paid,” this means that the Hensoldt one someone else has paid to avoid the files being leaked.

Researchers from cybersecurity firm Tesorion analyzed the Lorenz ransomware and developed a decryptor that in some cases could allow victims to decrypt their files for free. 

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Hensoldt)

[adrotate banner=”5″]

[adrotate banner=”13″]