Xerox Corporation is the latest victim of the Maze ransomware operators. The hackers have encrypted its files and are threatening to release them.
The company has not yet confirmed or denied a cyberattack on its network but the Maze ransomware operators published some screenshots which indicate that at least one Xerox domain has been encrypted.
Xerox Corporation is an American corporation operating in at least 160 countries. It registered over $1.8 billion in revenue in Q1 2020 and has 27,000 employees worldwide. It’s part of the Fortune 500 list, currently ranking at 347, with a revenue of over $9 billion last year.
The Maze ransomware operators included the company in their list of victims published in their leak site on June 24.
The ransomware operators are claimed to have stolen over 100GB of files from Xerox and are determined to publish it, if the company chooses not to pay the ransom.
Similar to other posts from Maze, more details regarding the attack on Xerox is not available except for proof of the breach and of encrypting the company’s systems.
The attackers published a set of 10 screenshots, showing directory listings from June 24 and 25, network shares, and the ransom note that is dropped after the encryption routine completes.
One of the screenshots shows that hosts on “eu.xerox.net,” managed by Xerox Corporation, were compromised. Systems on other domains might also be affected.
From the domain it is clear that the Maze ransomware breached a Xerox branch in Europe, and the names of the hosts indicates that it is the one in London.
Maze ransomware affiliates have been breaching big companies for the past several months. Some of the more recent attacks claimed by this group include LG Electronics, chip maker MaxLinear, IT giant Cognizant, and business services company Conduent.