Lorenz Ransomware Group Attacks Two New Targets: BF&S Civil Engineers and Dee Sign Co.

Alex Popa

By Alex Popa . 15 September 2023

Cybersecurity Journalist

On September 12th, 2023, the Lorenz ransomware group added two new victims to their Dark Web portal. The victims are Dee Sign Co. and BF&S Civil Engineers. The hackers provided a few samples from the stolen data on their portal.


  • The affected companies are Dee Sign Co., a company selling real estate signs, and BF&S Civil Engineers, a civil engineering company
  • The hacker group posted samples from the stolen data on their dark web portal
  • It is thought that the Lorenz ransomware has design and implementation flaws that make it impossible to decrypt with the decrypting tools provided by the attackers
  • It is not yet known whether the two companies were provided with a ransom note, whether they paid it, or whether they managed to decrypt their files

The data breach resulted in the two companies losing sensitive information to the hacker group. As of this moment, it is unclear how much information was lost or the type of impact it has on private or corporate entities.

Lorenz Ransomware Group


The two companies affected by this data breach are not newcomers to the market. They’ve been around for multiple decades, which makes them prime targets for hackers such as the Lorenz group.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Who Is the Lorenz Group?

The Lorenz group came into the public eye sometimes in 2021, when Michael Gillspie of ID Ransomware talked to BleepingComputer about the Lorenz ransomware. Apparently, this was a variation of the previous ThunderCrypt.

On their official Dark Web site, they had listed 12 victims back in 2021. Right now, there should be many more.

The group acts a little different compared to other similar ransomware groups:

  • They being the infiltration a couple of months in advance, spreading laterally until they hijack a large portion of the victim’s systems

  • They publish the data on a dedicated data leak site
  • They put the data up for sale to pressure the victim into paying the ransom. Over time, the group releases password-protected RAR archives that contain the victim’s data
  • If the ransom is not paid and no one buys the data, then Lorenz releases all the stolen files publicly, and anyone can access them
  • Lorenz also sells access to the victim’s internal network

The Lorenz group have already established themselves as a highly-dangerous threat actor in the online space. They’ve targeted organizations all over the world, demanding payments ranged from $500,000 to $700,000.

However, there was a period when Lorenz ransomware demanded multi-million-dollar ransom demands.

One thing is clear – Lorenz poses an ever-increasing risk to online companies, and their reputation is quickly growing out of proportions.

Leave a Comment