Maze ransomware operators claim to have carried out a successful attack and hacked Xerox corporation, stealing more than 100 GB of data. If the company does not pay the ransom to Maze, they promise to publish the stolen information in the public domain.
Xerox Corporation is a huge business present in at least 160 countries. It registered over $1.8 billion in revenue in Q1 2020 and has 27,000 employees across the globe. It’s part of the Fortune 500 list, currently ranking at 347, with a revenue of over $9 billion last year.Bleeping Computer reports that the attack of the ransomware seems to have occurred on June 25 of this year.
As in previous messages from Maze, the message for Xerox does not contain any details about the attack, except for evidence of hacking and encryption of the company’s systems.
After paymen, the data will be removed from our disks and decryptor will be given to you, so you can restore all your files”, — says in the message about ransom demand.
Xerox Corporation has not yet confirmed or refuted the fact of compromise, but screenshots published by attackers show that the data was encrypted in at least one domain of the corporation.
In total, hackers published a set of 10 screenshots that show directories listed on June 24 and 25, shared network resources, financial documents and databases. One of the images shows that hosts on eu.xerox.net were hacked, but systems in other domains could also be affected.
Journalists note that although the domain indicates that Maze entered the Xerox European branch, the hostnames indicate that the representative office in London was damaged.
Ransomware infections typically leverage exposed remote desktop services and then gain access to domain admin accounts. From there, they can pivot to valuable hosts. Vulnerabilities in systems that face the public web are also an entry point for these attackers”, — report Bleeping Computer journalists.
Interestingly, Maze operators have never been caught on false statements about companies that they hacked (although the scale of their attacks is sometimes exaggerated). In recent weeks, hackers have claimed that chip-making company MaxLinear and IT giant Cognizant have been their victims.
I also recall that Maze, LockBit, and Ragnar Locker ransomware united into the criminal Maze Cartel.
