Xerox Holdings Corp. subsidiary Xerox Business Solutions has suffered from a data breach following a ransomware attack.

The attack first came to light on Dec. 29 when the INC Ransom ransomware gang added Xerox Business Solutions to its dark web leaks site. According to Bleeping Computer, the gang claimed to have stolen sensitive data and confidential documents from XBS systems.

Xerox has confirmed the attack, saying in a statement that it experienced a “security incident” that was detected and contained by company cybersecurity personnel. The attack was limited to XBS U.S. and Xerox is working with outside cybersecurity experts to undertake a thorough investigation and take steps to secure the company’s information technology environment.

According to the compamy, the attack had no impact on its corporate systems, operations or data. However, Xerox does confirm that “limited personal information” may have been affected. Those affected will be informed as required.

INC Ransom first emerged on the scene in July of last year and positioned itself as providing a service to their victims. As detailed by SentinelOne Inc., INC Ransom victims are told to pay the ransom demanded to “save their reputation” as the threat actors indicate their intention to reveal their methods, making the victim’s environment “more secure” as a result.

The gang is known to have targeted multiple industries with little or no discrimination, with attacks across healthcare, education and government entities. Previous INC Ransom victims include BPG Building Partners Group GmbH, DM Civil LLC, Ingo Money Inc., Nicole Miller Inc., Pro Metals LLC, Springfield Area Chamber of Commerce and Trylon Corp.

Although ransomware attacks have been a proverbial dime a dozen, where this story takes a twist is that there is some suggestion that Xerox may be in discussions to pay the ransom being demanded.

“While it remains unclear whether Xerox is in negotiations with INC Ransom, the removal of their leaked documents implies ongoing discussion may be taking place,” Darren Williams, founder and chief executive of ransomware prevention company BlackFog Inc., told SiliconANGLE. “Given that data exfiltration claims were made by the ransomware group, the company is likely scrambling to safeguard not only themselves but their customers.”

Willams added that negotiating with cybercriminals is highly discouraged and should be avoided at all costs. “Paying a ransom or even just entering into negotiations builds confidence within the cybercriminal network and provides an incentive for future attacks on the same company and others alike,” Williams explained. “Once it becomes known that there is a willingness to cooperate, cybercriminals are likely to persist in their attacks.”

The news of the attack on XBS comes as Xerox announced today that it plans to lay off 15% of its 20,000-person workforce. The layoffs are part of a restructuring initiative meant to reverse the company’s recent revenue declines that include Xerox reshuffling its leadership team, simplifying its product portfolio and adopting a new go-to-market strategy.

Photo: Raxpixel