Free Decryptor Being Released for Lorenz Ransomware, but There’s a Catch

Lorenz is a new ransomware family that infected its first victims in April this year. Like many others, Lorenz double extorts its victims, hoping that if encrypted data is not enough to convince them to pay, the threat of publishing the stolen data will be. Dutch cybersecurity company Tesorion released a blog post last Friday detailing some of its analysis of this new ransomware, and with it came both good and bad news. The good news is that the company is working with the No More Ransom Project to release a free decryptor for victims of this ransomware. Unfortunately, Tesorion also found that flaws in the encryption process cause files whose size before encryption is a multiple of 48 bytes to become corrupt or lose the last 48 bytes of data. The free decryptor will support Microsoft Office documents, PDFs, and some image and video formats.

Analyst Notes

Tesorion and the No More Ransom Project have not yet made the decryptor available. Binary Defense advises anyone affected by this ransomware strain to watch nomoreransom.org for updates on the decryptor's release. Binary Defense also highly recommends reading and implementing the steps from the CISA (Cybersecurity & Infrastructure Agency) and NCSC (National Cyber Security Centre) ransomware guides. The guides contain detailed information that any organization can use, describing how to back up and protect data, create incident response plans and more.

https://www.tesorion.nl/en/posts/lorenz-ransomware-analysis-and-a-free-decryptor/