Update as of 06/30/2020: As part of Cyble regular monitoring of the on-going data leaks, our researchers came across the revelation of alleged attack on Xerox Corporation by the Maze ransomware operators. Just after the data leaks of Manson Construction Co and Innotech-Execaire Aviation Group, Xerox fell a victim of the Maze ransomware group.
Xerox Holdings Corporation founded in 1906 is an American corporation that sells print and digital document products and services in more than 160 countries. As a large developed company, it is consistently placed in the list of Fortune 500. With over 27,000 employees the company has an average annual revenue above $10 billion.
Below is the snapshot of the claim by ransomware operators -:
The Cyble Research Team has identified and analyzed the proof. It consists of multiple screenshots showing the compromised server(s) files and data encrypted by the ransomware. One of the snapshot consists of a warning message stating Xerox to contact the operators within 3 days, otherwise, the information about the breach would be posted on Maze public news website. (which has been crossed and breach information posted above)
Below are few snapshots posted by the ransomware operators.
The leaked screenshots show that the ransomware operators were in the Xerox network till June 25th, 2020.
We recommend people to:
- Never share personal information, including financial information over the phone, email or SMSs
- Use strong passwords and enforce multi-factor authentication where possible
- Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.
- Turn-on automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic
- Use a reputed anti-virus and internet security software package on your connected devices including PC, Laptop, Mobile
- People who are concerned about their exposure in darkweb can register at AmiBreached.com to ascertain their exposure.
Cyble is a US-based cyber threat intelligence company with the express mission to provide organizations with real-time views of their supply chain cyber threats and risks.