Xerox Business Solutions targeted by INC Ransom ransomware gang

/in


Xerox Holdings Corp. subsidiary Xerox Business Solutions has suffered from a data breach following a ransomware attack.

The attack first came to light on Dec. 29 when the INC Ransom ransomware gang added Xerox Business Solutions to its dark web leaks site. According to Bleeping Computer, the gang claimed to have stolen sensitive data and confidential documents from XBS systems.

Xerox has confirmed the attack, saying in a statement that it experienced a “security incident” that was detected and contained by company cybersecurity personnel. The attack was limited to XBS U.S. and Xerox is working with outside cybersecurity experts to undertake a thorough investigation and take steps to secure the company’s information technology environment.

According to the compamy, the attack had no impact on its corporate systems, operations or data. However, Xerox does confirm that “limited personal information” may have been affected. Those affected will be informed as required.

INC Ransom first emerged on the scene in July of last year and positioned itself as providing a service to their victims. As detailed by SentinelOne Inc., INC Ransom victims are told to pay the ransom demanded to “save their reputation” as the threat actors indicate their intention to reveal their methods, making the victim’s environment “more secure” as a result.

The gang is known to have targeted multiple industries with little or no discrimination, with attacks across healthcare, education and government entities. Previous INC Ransom victims include BPG Building Partners Group GmbH, DM Civil LLC, Ingo Money Inc., Nicole Miller Inc., Pro Metals LLC, Springfield Area Chamber of Commerce and Trylon Corp.

Although ransomware attacks have been a proverbial dime a dozen, where this story takes a twist is that there is some suggestion that Xerox may be in discussions to pay the ransom being demanded.

“While it remains unclear whether Xerox is in negotiations with INC Ransom, the removal of their leaked documents implies ongoing discussion may be taking place,” Darren Williams, founder and chief executive of ransomware prevention company BlackFog Inc., told SiliconANGLE. “Given that data…

Source…