What happened?
With so many ransomware operators active and targeting corporations for money, the operators of Maze ransomware recently published data from two corporations on their blog. These two corporations were LG Electronics and Xerox.

Why did the ransomware operators publish the data publicly?
The only reason behind this rash decision by the ransomware operators would be a failed extortion attempt against the companies they were targeting, in this case LG Electronics and Xerox. The ransomware operators released around 75 GB of private corporate data, with 50 GB of it belonging to LG Electronics and around 25.8 GB to Xerox.

Maze ransomware operators usually threaten their targets after encrypting their data, demanding the ransom they want before making that same data public online. In recent weeks, the ransomware operator group posted a statement warning companies not to try to recover their files from backups. It was during that time that they announced the LG Electronics leak.

Is the data released by the ransomware operator group real?
According to reports from researchers at ZDNet, the presence of source code for the firmware of various LG products in the leak confirms that the data is truly from LG Electronics.

The news of the cyberattack on Xerox was not confirmed by the company until early June, when the ransomware group released proof of their work.

What more damage has been done to the corporations affected?
Apart from the data leak and the posting of the company data, it is still unclear how deep this attack went and to what extent it was carried out.

What measures can you take to prevent such scenarios?
Data breaches, data leaks, DDoS attacks and the like can be quite damaging, not only to the finances of an organisation or individual but also to their reputation and other aspects in the industry. There aren’t any proactive countermeasures that can help you during such attacks, though. Hence it is always better to prepare, as prevention is better than cure.

Here are some preventive steps you can take against such scenarios:

  • Educate and train yourself and your employees against such attacks. Training against known attack procedures can help you in the long run.
  • Do not open any email whose source can’t be trusted. Report it to your admins for further investigation.
  • Back up all the data stored on your devices or servers. It is always better to have offline backups, which can come in handy during such scenarios.
  • Rely on good, trusted security tools and solutions. There is no room for compromise here, as they are guarding your business.
  • Keep your private and work devices separate. If that is not possible, at least use separate user environments on the device.
  • Use a trusted VPN provider for your own and your organization’s devices and network. Don’t fall into the free VPN trap: such services usually don’t work, and they store your information.
  • Always keep your devices up to date. Install the latest patches and drivers, and only those released by the hardware manufacturer of your devices.
  • Try not to access websites whose identity cannot be verified. Most of these websites can be identified by their shady UI and their offers of paid software for free.
  • Always listen to your IT security consultant and plan your steps accordingly. You might know your business well, but your IT security consultant knows your systems and network better.
  • Never pay ransom to the ransomware operators. Paying does not ensure that you will get your data back, or that the operators will not publish or delete your data.

By Siddhant Pathak

Cyber security architect, 7+ years of experience in the cyber security industry, tech savvy, nature lover, Bullet 350 rider