{
	"id": "e11e854b-3eae-4eb8-a873-5220b07fa2ad",
	"created_at": "2026-04-06T00:06:18.046281Z",
	"updated_at": "2026-04-10T13:12:30.018091Z",
	"deleted_at": null,
	"sha1_hash": "13c7d223ae9456baa2189b728f55c7f5b6b04220",
	"title": "Business giant Xerox allegedly suffers Maze Ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 936712,
	"plain_text": "Business giant Xerox allegedly suffers Maze Ransomware attack\r\nBy Ionut Ilascu\r\nPublished: 2020-06-30 · Archived: 2026-04-05 21:11:33 UTC\r\nMaze ransomware operators have updated their list of victims adding Xerox Corporation to the roster. It appears that the\r\nencryption routine had completed on June 25.\r\nThe company has yet to confirm or deny a cyberattack on its network but screenshots from the attacker show that computers\r\non at least one Xerox domain have been encrypted.\r\nXerox Corporation is a huge business present in at least 160 countries. It registered over $1.8 billion in revenue in Q1 2020\r\nand has 27,000 employees across the globe. It's part of the Fortune 500 list, currently ranking at 347, with a revenue of over\r\n$9 billion last year.\r\nhttps://www.bleepingcomputer.com/news/security/business-giant-xerox-allegedly-suffers-maze-ransomware-attack/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/business-giant-xerox-allegedly-suffers-maze-ransomware-attack/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nThreat to publish over 100GB of data\r\nOn June 24, for a brief while, Maze's leak site showed Xerox among the victims of this ransomware group. We contacted\r\nXerox at the time but did not receive an answer.\r\nThe attackers told BleepingComputer that they had compromised the company’s network but added them too early.\r\nJust like previous posts from Maze, the one for Xerox lacks any details about the attack except for proof of the breach and of\r\nencrypting the company’s systems.\r\nAccording to the attacker, they have stolen more than 100GB of files from Xerox and are determined to share it all if the\r\ncompany chooses not to engage in negotiations for a ransom payment.\r\n“After the payment the data will be removed from our disks and decryptor will be given to you, so you can restore all your\r\nfiles,” reads the ransom note.\r\nMaze published a set of 10 screenshots, showing directory listings from June 24 and 25, network shares, and the ransom\r\nnote that is dropped after the encryption routine completes.\r\nSpecifically, one image shows that hosts on “eu.xerox.net,” managed by Xerox Corporation, were compromised. Systems on\r\nother domains might also be impacted.\r\nWhile the domain reveals that Maze ransomware breached a Xerox branch in Europe, the names of the hosts hint that it’s the\r\none in London.\r\nAnother screenshot of a desktop screen with the Xerox brand name shows the ransom note dropped by the attacker,\r\nwho threatened to publish information from the breach if the company did not contact them in three days.\r\nhttps://www.bleepingcomputer.com/news/security/business-giant-xerox-allegedly-suffers-maze-ransomware-attack/\r\nPage 3 of 5\n\nMaze ransomware affiliates have been breaching big companies left and right. Some of the more recent attacks claimed by\r\nthis group include LG Electronics, chip maker MaxLinear, IT giant Cognizant, and business services company Conduent.\r\nRansomware infections typically leverage exposed remote desktop services and then gain access to domain admin accounts.\r\nFrom there, they can pivot to valuable hosts. Vulnerabilities in systems that face the public web are also an entry point for\r\nthese attackers.\r\nStarting last year, ransomware groups began to steal data from the victim network and threaten to publish it unless the\r\nransom is paid.\r\nhttps://www.bleepingcomputer.com/news/security/business-giant-xerox-allegedly-suffers-maze-ransomware-attack/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/business-giant-xerox-allegedly-suffers-maze-ransomware-attack/\r\nhttps://www.bleepingcomputer.com/news/security/business-giant-xerox-allegedly-suffers-maze-ransomware-attack/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/business-giant-xerox-allegedly-suffers-maze-ransomware-attack/"
	],
	"report_names": [
		"business-giant-xerox-allegedly-suffers-maze-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775433978,
	"ts_updated_at": 1775826750,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/13c7d223ae9456baa2189b728f55c7f5b6b04220.pdf",
		"text": "https://archive.orkl.eu/13c7d223ae9456baa2189b728f55c7f5b6b04220.txt",
		"img": "https://archive.orkl.eu/13c7d223ae9456baa2189b728f55c7f5b6b04220.jpg"
	}
}