Ransomware Operators Publish Data Allegedly Stolen from LG, Xerox
Maze ransomware operators have published data they claim to have taken from internal networks at LG and Xerox after the companies declined to pay a ransom. In a June email exchange with ZDNet, Maze operators said they did not launch ransomware on LG's network, but only exfiltrated data.
Both systems ran Citrix ADC servers vulnerable to CVE-2019-19781, which has been characterized as a favorite entry point for Maze operators. Keeping your boundary and remote access devices patched expeditiously is critical in today's threat environment. Verify that you can monitor and alert on exfiltration of data, including tuning and testing those alerts. Also, when assessing breached data, remember to include loss of intellectual property. Too often, the review covers only customer or employee personal information.