Ransomware gang releases tons of internal data from LG and Xerox

The group behind the leak operates the Maze ransomware. Its operators have made more than 50 GB of data from LG and almost 26 GB of data from Xerox freely available for download. So far, neither company has commented publicly on the incidents.

The operators of the Maze ransomware have released dozens of gigabytes of data that are said to come from the networks of the technology companies LG and Xerox. After apparently failed extortion attempts, the cybercriminals have now carried out their threat and put 50.2 GB of data from LG and 25.8 GB from Xerox on the Internet.

LG had already admitted the ransomware attack in June, but without giving details. When asked by ZDNet.com, neither company wanted to comment on the leaked data.

The hackers, in turn, had already announced the release of data from LG and Xerox in June with entries in their “leak portal”. As a rule, they first penetrate corporate networks, then steal confidential data and then encrypt it.

If a victim does not comply with the ransom demand for the decryption of the data, the Maze operators create an entry in their leak portal to increase the pressure on the victim. The hackers usually give companies several weeks to comply with the demand; only then is the compromised data published via the portal.

Information provided by the Maze gang suggests that LG’s data is source code from closed-source firmware for various LG products such as laptops and smartphones. In an email sent to ZDNet.com, the hackers also claimed that they had only stolen data but not encrypted it.

No information is available on the Xerox breach. It is not known whether the cybercriminals were content with stealing data or also encrypted files. An initial analysis of the data now published showed that it consists of customer support information and employee data.

However, there is a suspected entry point for the hackers. Security provider Bad Packets said back in June that both companies had at least temporarily used an unpatched version of the Citrix ADC server. The vulnerability CVE-2019-19781 is also very often used to spread the Maze ransomware.

LG may even have been the victim of another hacker attack. ZDNet.com has received an email from the threat intelligence provider Shadow Intelligence. According to this, hackers are said to be offering access to an LG research center in the USA for $10,000 to $13,000.
