Lorenz is a new ransomware family, infecting their first victims in April this year. Like many others, Lorenz also double extorts their victims, hoping that if encrypted data won’t be enough to convince their victims to pay, threatening to publish the stolen data will be. Dutch cybersecurity company Tesorion released a blog post last Friday detailing some of their analysis on this new ransomware, and with it came both good and bad news. The good news is the company is working with the No More Ransom Project to release a free decryptor for victims of this ransomware. Unfortunately, though, Tesorion also found that flaws in the encryption process cause file sizes in multiples of 48 bytes (before encryption) to become corrupt or lose the last 48 bytes of data. The free decryptor will support Microsoft Office documents, PDFs, and some image and video formats.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased