Xerox System Allegedly Breached by Trolls

Xerox System Allegedly Breached by Trolls

According to CRN News, Maze ransomware operators claim they’ve breached Xerox’s systems and are threatening to leak massive amounts of data unless they get paid, according to media reports.

The threat group posted several screenshots to its website that show computers on at least one Xerox domain have been encrypted, according to BleepingComputer. Maze ransomware operators claim to have stolen more than 100 GB of files from Xerox and will make them public if the Norwalk, Conn.-based printing giant doesn’t engage in negotiations for a ransom payment, BleepingComputer reported.

Xerox declined to comment. The company’s stock is down $0.42 (2.7 percent) to $15.15 per share since the BleepingComputer story was published midday Tuesday.

Maze operators published a series of 10 screenshots, according to BleepingComputer, showing directory listings from June 24 and June 25, network shares, and the ransom note that was dropped after the encryption was completed. One screenshot shows that hosts on “ex.xerox.net,” which is managed by Xerox, was hacked, BleepingComputer reported.

“After the payment, the data will be removed from our disks and decryptor will be given to you, so you can restore your files,” a ransom note sent to Xerox by the Maze operators read, according to BleepingComputer.

The hackers appear to have stolen financial documents and databases possibly storing user information, according to SecurityWeek. The dates shown in the screenshots suggest that the ransomware started encrypting files on Xerox computers on June 24, SecurityWeek reported.

The Maze ransomware operators threatened to publish information from the breach if Xerox didn’t contact them within three days, BleepingComputer reported. While the domain reveals that Maze ransomware breached a Xerox branch in Europe, BleepingComputer said the names of the hosts hint that it’s the one in London.

The post on Maze’s leak site for Xerox lacks any details about the attack except for proof of the breach and of encrypting the company’s systems, according to BleepingComputer. Maze ransomware operators thus far haven’t made false claims about which companies they’ve breached, although the impact of their attack may sometimes be exaggerated, according to SecurityWeek.

Maze ransomware has ravaged the IT industry this year, with Cognizant publicly saying on April 18 that its network was infected. The ransomware ended up encrypting servers and slowed the ability of the Teaneck, N.J.-based company, No. 6 on the 2020 CRN Solution Provider 500, to enable more work from home by taking out tools that Cognizant used to automate and provision laptops.

Related:

• Thieves Hack Bank Account of Zhuhai Supplier

Comment:

Please add your comments about this story, “Xerox System Allegedly Breached by Trolls” below.