Xerox confirms 'security incident' at subsidiary - The Register

Xerox has officially confirmed that a cyber baddie broke into the systems of its US subsidiary - a week after INC Ransom claimed to have exfiltrated data from the copier and print giant.
Xerox Business Solutions (XBS), a subsidiary of Xerox, offers a range of products and services, from managed IT and print services to robotic process automation solutions and more.
Xerox doesn't detail XBS's financials in its annual or quarterly reports, but the company exceeded $1 billion in revenue prior to being acquired by Xerox in 2007.
It's still undetermined whether ransomware was deployed in the attack, or if the attackers followed the more recent trend of pursuing extortion-only assaults.
At the time of writing, INC Ransom had removed the post relating to the attack on XBS, including the leaked documents allegedly belonging to the subsidiary.
Posting the details of a victim online is a hallmark of a double extortion cybercrime model - a scare tactic to expedite negotiations of a ransom payment.
The removal of the post could suggest a number of things, but chief among them is that Xerox has re-engaged with INC Ransom over ransom negotiations.
A feasible scenario is that Xerox has agreed to re-enter ransom talks in exchange for the stolen data being taken offline.
If this is the case, Xerox will likely be trying to buy time to recover the files itself rather than having to rely on paying for a decryptor from the cybercrims.
Xerox was allegedly hit by ransomware in 2020 when an attack was claimed by the Maze gang, shortly before it shut down later that year.
At the time, Maze claimed to have broken in and stolen more than 100GB worth of the company's data, while Xerox was also caught up in a mass hijacking of major corporations' subdomains.
The INC Ransom gang is a relative newbie to the threat landscape, first emerging in July 2023, according to SentinelOne.
The cybersecurity vendor's experts say the group targets victims indiscriminately, and it has no issues singling out the healthcare industry or educational institutions, as many ransomware gangs also have done throughout the past few years.
Its affiliates are known to demonstrate a range of techniques to achieve initial access to victims' networks, including the use of spear-phishing emails and critical vulnerabilities in devices such as Citrix NetScalers.


This Cyber News was published on go.theregister.com. Publication date: Wed, 03 Jan 2024 13:58:07 +0000

