Xerox Alleged Maze Ransomware Victim
Maze Ransomware Threatens to Publish 100GB of Data
According to BleepingComputer, Maze ransomware claims to have captured 100GB of Xerox data as of June 25th. Xerox has yet to confirm this cyberattack, but Maze is offering 10 screenshots of Xerox files as proof of the breach.
“Specifically, one image shows that hosts on ‘eu.xerox.net,’ managed by Xerox Corporation, were compromised. Systems on other domains might also be impacted.” If the claim is true, Maze is demanding that Xerox negotiate payment to regain access to its encrypted files.
If Xerox fails to pay, the ransomware group is threatening to publish this stolen data online. Given Xerox’s size, industry importance, close ties to other businesses, and the many examples of financial and corporate drama in the past few years, the publication of this data could be shattering.
For anyone unfamiliar with ransomware in general, it is a “type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it.” Ransomware is often spread through phishing emails, visits to infected sites, social media links, and other security weaknesses.
Maze ransomware (previously known as ChaCha ransomware) was first discovered in May of 2019. Maze follows the standard tactic of encrypting any files it can and demanding a ransom to regain access to those files. Maze takes it a step further, however, by releasing the stolen data online if the ransom is not paid.
Not much is known about Maze at this point. FireEye reports that Maze “operates under an affiliate model and is not distributed by a single group.” The security firm has identified “multiple Russian-speaking actors who claimed to use Maze ransomware and were seeking partners to fulfill different functional roles within their teams.”
The FBI and Department of Homeland Security have issued warnings specifically for Maze due to the damage caused to over 100 companies in North America and Europe in the past year. One of these companies is the BPS company Conduent (formerly part of Xerox), whose European operations were compromised by Maze at the end of May.