Hensoldt, a multinational defense contractor headquartered in Germany, has confirmed that some of its UK subsidiary’s systems have been compromised by a ransomware attack.
The multinational defense company develops sensor solutions for defence, aerospace and security applications, is listed on the Frankfurt Stock Exchange and had a turnover of 1.2 billion euros in 2020.
It operates in the United States under a special agreement that allows it to apply for classified and sensitive US government contracts.
Its products include radar arrays, avionics and laser range finders used on M1 Abrams tanks, various helicopter platforms and Littoral Combat Ship (LCS) by the US Army, US Marine Corps and US National Guard. .
Hensold announcement on Thursday that it equips the German-Norwegian U212 CD submarines built by the kta consortium with new-generation fully digital optronic equipment.
While the company has yet to issue a public statement regarding this incident, the Lorenz ransomware gang has already claimed responsibility for the attack.
On Wednesday, a spokesperson for Hensholdt confirmed Lorenz’s claims after contacting BleepingComputer via email.
“I can confirm that a small number of mobile devices from our UK subsidiary were affected,” Lothar Belz, public relations manager at Hensoldt, told BleepingComputer.
However, Belz denied providing any additional information regarding the incident, saying that “for obvious reasons, we do not release further details in such cases.”
Ransomware Gang Says They’ve Been Paid
For its part, the Lorenz ransomware group claims to have stolen an undisclosed amount of files from Hensholdt’s network during the attack.
The gang claims a payout has been made, with 95% of all stolen files posted on the ransomware’s data leak website since December 8, 2021, when the Hensoldt leak page was created.
While Lorenz shows the leak is “paid for”, it’s unclear whether this means Hensoldt paid a ransom or another threat actor purchased the data.
Indeed, the Lorenz ransomware gang is known to sell stolen data to other threat actors in order to pressure victims into paying ransoms.
If no ransom is paid after all data is leaked as password protected RAR archives, Lorenz will also release the password to access the data leaked archives to make the stolen files publicly available to anyone who downloads the leaked archives.
This ransomware gang will also sell access to victims’ internal networks to other threat actors, along with any stolen data.
Lorenz began operations in April 2021 and has since targeted businesses around the world, demanding hundreds of thousands of dollars in ransoms from each of their victims.
In June, Dutch cybersecurity firm Tesorion released a free Lorenz ransomware decryptor, which victims can use to recover certain types of files, including Office documents, PDFs, images, and videos.
- ALPHV BlackCat – This year’s most sophisticated ransomware
- BlackMatter ransomware victims quietly helped use secret decryptor
- US says Russian state hackers lurked in defense contractor networks for months
- FBI shares Lockbit ransomware technical details, defense tips
- REvil ransomware is back in full attack and data leak mode