https://www.securityweek.com/ransomware-operators-claim-they-hacked-printing-giant-xerox?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
12 replies (most recent on top)
Steve B COO preferred Wipro (ironically they’ve been hacked too), but he wanted an even better deal than they would agree to. So he decided to punish them by choosing HCL for some functions. XRX ended up paying more, and the quality of HCL isn’t causing anyone to re-look. Does that sound like a cool-headed executive to you? These guys live in a different world, incredibly it is often more about their giant egos than doing what is right.
No surprise that if it did in fact occur that it may have happened through an HCL access point. You usually get what you pay for, still can’t believe Xerox chose to outsource various functions to HCL, who in C Suite was responsible for that direction?
Based on a screenshot photo of the HCL logoed desktop I think that was the compromised system. I don't see a data dump so either Xerox or HCL paid the ransom. Or an insurance company of one of them.
S3?
Sure is the premier TechPowerHouse, selling products with Java GUIs and using WS-* security protocols for your network.
It remains to be discovered if the CISO was walked out or left on her own after most of the competent security staff left or was laid off. She played a major part in both forms of staff departure. Those left holding the bag are remnants of her era where factors other than job performance mattered most. The ensuing lack of protective competence and skills will be illuminated as a result of this attack by the Maze group. Likely other groups will follow as they read how the initial breach occurred. Will mgmt be able to see through the GSS BS this time?
Xerox’s info is so spread out on different systems, different companies (HCL), bad out of date systems (esap). I’m not surprised, I bet customers will be unhappy! S3 is so outdated now.
This was only a matter of time after the shat show that was GSS under Johnson. Those without relevant skills now own this mess. I have no sympathy.
Asleep at the wheel or AWOL?
Way too many disgruntled ex-employees in other countries looking for revenge. No surprise here.
Former global security service person here. Well, after gutting the information security department, this is really no surprise. Good luck to the new Incident Response Manager in working this incident.
For the lazy:
Cybercriminals claim they have hacked the systems of U.S. printing giant Xerox and they are threatening to leak files stolen from the company unless they get paid.
The threat actor operating the ransomware known as Maze has published several screenshots on its website in an effort to demonstrate that it has gained access to Xerox systems.
The Maze ransomware operators aim to increase their chances of making a profit by not only encrypting victims’ files, but also stealing information from the compromised servers and threatening to make it public unless their ransom demand is met.
The fact that the cybercriminals posted Xerox’s name on their website suggests that the company did not contact them within 3 days after its files were encrypted. The attackers tell victims that their data will be leaked if they don’t respond within 7 days.
Based on the screenshots made public, the hackers appear to have stolen, among other things, financial documents and databases possibly storing user information. The dates shown in the screenshots suggest that the ransomware started encrypting files on Xerox computers on June 24.
SecurityWeek has reached out to Xerox for comment and will update this article if the company responds.
Maze ransomware operators have so far not been caught making false claims regarding which companies they have breached, although the impact of their attack may sometimes be exaggerated.
In recent months, the hackers claimed to have successfully targeted major companies such as Cognizant, Conduent and MaxLinear. One of their most recent alleged victims is LG, for which they have already released a 3.6 GB archive that supposedly contains only 1% of the data stolen from the electronics giant. While the archive is available for download from the Maze website, the file is password-protected and the hackers say they will provide the password “later.”
The threat actor has warned victims that not paying the ransom will end up costing them much more than the actual ransom if their files get leaked. MaxLinear and Conduent have been provided as examples of companies that will likely suffer significant financial losses due to their failure to collaborate with the attackers, who claim they are open to negotiations.
The University of California San Francisco (UCSF) recently admitted paying roughly $1.14 million to cybercriminals to recover data encrypted during a ransomware attack earlier this month. That attack reportedly involved NetWalker ransomware.
Saw this on the news this morning. Has anyone heard if this is true?