Pierluigi Paganini July 01, 2020

Xerox Corporation is the last victim of the Maze ransomware operators, hackers have encrypted its files and threaten of releasing them.

Maze ransomware operators have breached the systems of the Xerox Corporation and stolen files before encrypting them.

The company did not disclose the cyberattack, but the Maze ransomware operators published some screenshots that show that a Xerox domain has been encrypted. One screenshot shows that hosts on “eu.xerox.net,” managed by Xerox Corporation, was hacked.

Another screenshot shows that the ransomware operators were in the Xerox network till June 25th, 2020.

Xerox Corporation is an American corporation that sells print and digital document products and services in more than 160 countries. The company declared over $1.8 billion in revenue in Q1 2020 and has 27,000 employees across the globe. It’s currently tracking at 347 of the Fortune 500 list.

On June 24, Maze ransomware operators included Xerox in the list of the victims published on their leak site.

“The Cyble Research Team has identified and analyzed the proof. It consists of multiple screenshots showing the compromised server(s) files and data encrypted by the ransomware.” reads the post published by threat intelligence firm. “One of the snapshot consists of a warning message stating Xerox to contact the operators within 3 days, otherwise, the information about the breach would be posted on Maze public news website. (which has been crossed and breach information posted above)”

Maze ransomware operators claim to have stolen more than 100GB of files from Xerox and threaten to publish them is the company will not may the ransom.

If the victims of the group will pay the ransom, the Maze gang will finally remove stolen data from its disks and still provide a decryptor to restore files.

Last week, Maze ransomware operators claimed to have breached the South Korean multinational electronics company LG Electronics.

Recently Maze Ransomware gang breached the US chipmaker MaxLinear and Threadstone Advisors LLP, a US corporate advisory firm specialising in mergers ‘n’ acquisitions.

Maze ransomware operators are very active in this period, recently they have stolen data from US military contractor Westech and the ST Engineering group, and they have released credit card data stolen from the Bank of Costa Rica (BCR) threatening to leak other lots every week.

Previous victims of the ransomware gang include IT services firms Cognizant and Conduent.

Pierluigi Paganini

(SecurityAffairs – hacking, Maze Ransomware operators)

[adrotate banner=”5″]

[adrotate banner=”13″]