The infamous Maze ransomware is increasingly becoming a formidable threat to its victims. Cybersecurity experts assert that it has become one of the most dangerous forms of ransomware. Maze targets organizations across the world. The ransomware spreads and demands cryptocurrency from its victims.
Experts have been able to identify a number of Russian-speaking members who claim to use the Maze ransomware. Members are seeking new recruits to join their team.
A large number of cyber-security firms have pointed out the threat of Maze. Many also pointed out its popularity among cyber-criminal actors, who have been actively deploying it since May.
Threat actors exploited email systems and sent out spam emails and kits to exploit target computers. The spam emails are themed to look like legitimate emails about taxes and other bills. The ransomware is hidden in attachments that are related to the email. Once the attachment is opened, the virus infects the computer.
Xerox and LG refuse the bail out
The latest Maze ransomware breach happened at two massive tech companies. Tech giant LG and the printing company Xerox were both affected by Maze. Threat actors used the ransomware to steal and leak massive amounts of data from both companies.
Reports indicate that the attackers stole over 50GB of data from LG and slightly over 25GB from Xerox.
A statement issued by the ransomware group alleges that both organizations were compromised in June. The statement also claims that the data was leaked due to a failed extortion attempt by the group. Today, the ransomware group is exposing the stolen data through its data leak platform, which can be accessed on the dark web.
A quick look at the Maze group's activity reveals a pattern. The group always encrypts a compromised network once it has stolen data from it. The group then threatens to leak the data if the ransom is not paid.
No data encryption
Findings from an analysis done by ZDNet expose interesting details in this case. The outlet found indications that the attack was more devastating for Xerox than LG. ZDNet also established that the threat actors targeted Xerox customer support operations. This explains all the Xerox customer information investigators found leaked online.
LG declined to share additional information on the cyber attack. LG's response caused confusion and left people trying to figure out the extent of the damage with more questions than answers.
According to a statement issued by the Maze group, the team of hackers intimated that they chose not to encrypt the stolen data. This contradicts their standard operational framework. The group rationalized the decision by pointing to LG and Xerox's social significance, saying encryption would otherwise have impeded their services.
ZDNet reported being snubbed by the Xerox team. Data leaked by the Maze group suggests that they indeed targeted the company's customer support department.
Although the value of actual customer data is much higher than that of customer support operations data, the attack still shook Xerox. ZDNet analysts have acknowledged the significance of the cyber-attack that has shaken both firms.
Because both LG and Xerox refused to be held hostage, the Maze group proceeded to leak data online. Listings for both companies were created on the group's online platform, where all the stolen data was leaked. The platform is publicly accessible on the dark-net.
Why Maze ransomware is devastating
A large number of cyber-criminal enterprises are known to deploy the Maze ransomware against companies. Company data is usually encrypted and only decrypted after a payment is received. The developers behind the ransomware operate a website where all the stolen data is publicly posted.
The fact that Maze is designed to expose sensitive data while disrupting the victim's network makes it a really dangerous tool. The only thing more dangerous is the people behind it.