Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Lorenz ransomware gang stolen files from defense contractor Hensoldt

German multinational defense contractor Hensoldt confirmed to that some of its systems were infected by Lorenz ransomware. Hensoldt, a multinational defense contractor, confirmed that some of its UK subsidiary’s systems were infected with Lorenz ransomware. This week a Hensholdt spokesperson confirmed the security breach to BleepingComputer explaining that a small number of mobile devices in its […]

Hensoldt Lorenz ransomware

German multinational defense contractor Hensoldt confirmed to that some of its systems were infected by Lorenz ransomware.

Hensoldt, a multinational defense contractor, confirmed that some of its UK subsidiary’s systems were infected with Lorenz ransomware. This week a Hensholdt spokesperson confirmed the security breach to BleepingComputer explaining that a small number of mobile devices in its UK subsidiary has been affected.

The Lorenz ransomware gang has been active since April and hit multiple organizations worldwide demanding hundreds of thousands of dollars in ransoms to the victims.

Like other ransomware gangs, Lorenz operators also implement double-extortion model by stealing data before encrypting it and threatening them if the victim doesn’t pay the ransom. Ransom demands have been quite high, between $500.000 and $700.000.

Hensoldt AG focuses on sensor technologies for protection and surveillance missions in the defence, security and aerospace sectors. The company is listed on the Frankfurt Stock Exchange, its main product areas are radar, optoelectronics, and avionics.

The defense multinational develops sensor solutions for defense, aerospace, and security applications, is listed on the Frankfurt Stock Exchange, its revenue was 1.2 billion euros in 2020.

The company has classified and sensitive contracts with the US government, its products include and equip tanks, helicopter platforms, submarines, Littoral Combat Ships among others.

The Lorenz ransomware gang has already added the company name of the compromised organizations on its Tor leak site.

Hensoldt Lorenz ransomware

At the time of this writing, the ransomware group claims to have already uploaded 95% of all stolen files to its leak site.

The gang labeled the archive file as “Paid,” this means that the Hensoldt one someone else has paid to avoid the files being leaked.

Researchers from cybersecurity firm Tesorion analyzed the Lorenz ransomware and developed a decryptor that in some cases could allow victims to decrypt their files for free. 

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Hensoldt)

[adrotate banner=”5″]

[adrotate banner=”13″]