Maze Ransomware operators hacked the Xerox Corporation

Xerox Corporation is the last victim of the Maze ransomware operators, hackers have encrypted its files and threaten of releasing them.

Maze ransomware operators have breached the systems of the Xerox Corporation and stolen files before encrypting them.

The company did not disclose the cyberattack, but the Maze ransomware operators published some screenshots that show that a Xerox domain has been encrypted. One screenshot shows that hosts on “eu.xerox.net,” managed by Xerox Corporation, was hacked.

Another screenshot shows that the ransomware operators were in the Xerox network till June 25th, 2020.

Xerox Corporation is an American corporation that sells print and digital document products and services in more than 160 countries. The company declared over $1.8 billion in revenu e in Q1 2020 and has 27,000 employees across the globe. It’s currently tracking at 347 of the Fortune 500 list.

On June 24, Maze ransomware operators included Xerox in the list of the victims published on their leak site.

“The Cyble Research Team has identified and analyzed the proof. It consists of multiple screenshots showing the compromised server(s) files and data encrypted by the ransomware.” reads the post published by threat intelligence firm. “One of the snapshot consists of a warning message stating Xerox to contact the operators within 3 days, otherwise, the information about the breach would be posted on Maze public news website. (which has been crossed and breach information posted above)”

Maze ransomware operators claim to have stolen more than 100GB of files from Xerox and threaten to publish them is the company will not may the ransom.

If the victims of the group will pay the ransom, the Maze gang will finally remove stolen data from its disks and still provide a decryptor to restore files.

Last week, Maze ransomware operators claimed to have breached the South Korean multinational electronics company LG Electronics.

Recently Maze Ransomware gang breached the US chipmaker MaxLinear and Threadstone Advisors LLP, a US corporate advisory firm specialising in mergers ‘n’ acquisitions.

Maze ransomware operators are very active in this period, recently they have stolen data from US military contractor Westech and the ST Engineering group, and they have released credit card data stolen from the Bank of Costa Rica (BCR) threatening to leak other lots every week.

Previous victims of the ransomware gang include IT services firms Cognizant and Conduent.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Maze Ransomware operators)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.