Security researchers have recently reported that the tech giant Canon has experienced a ransomware attack that has affected a number of its services. Canon’s USA website, Canon’s email, Microsoft Teams, and other internal applications have been out of service due to the incident.
There has been an outage of Canon’s image.canon cloud photo and video storage services which first was spotted on July 30, 2020. According to researchers, the image.canon website has experienced a malfunction and has shown status updates over the course of six days. The service was finally restored on August 4th and now the image.canon website can be accessed.
The latest status update that can be seen on Canon’s image website now, however, has raised some questions among the cybersecurity circles. It states that data loss has occurred but there has been no image data leak. This led to a number of security researchers to believe that there must be some potential cyber-attacks behind the scene.
An unnamed source has shared an image of a company-wide notification originating from the IT Department of Canon. It becomes clear that Canon USA is indeed experiencing system issues that have affected multiple applications and their operation.
Visitors of Canon’s USA website currently are not able to access any content as the site displays a maintenance notification.This outage appears to also have affected a list of 24 other Canon domains.
A partial screenshot of a ransom note that has become public hints that the Maze ransomware could be responsible for the incident with Canon.
The operators of Maze ransomware claim that, on the 5th of August, during an attack on Canon, they had stolen “10 terabytes of data, private databases, etc.” So far, they haven’t shared any other additional information. There is no proof of any stolen data yet, and it is still not clear how many devices have been attacked and what the demanded ransom amount is.
Originally, researchers assumed that the outage of the image.canon website was linked to the ransomware attack. However, Maze has not taken responsibility for the attack on this service.
Maze – a human-operated ransomware that targets different enterprises.
Maze is malware that spreads stealthily across the network until it gains access to the Windows domain controller and admin account. Once it makes its way through, the malware typically steals data backups and unencrypted files from servers and uploads them to the servers of the threat actors.
After the network has been harvested and the Windows domain controller has been accessed, Maze deploys ransomware through the network to encode all the connected devices. If the victim does not agree to pay the required money for the ransom, Maze distributes the stolen files publicly on a data leak site that is developed for that purpose only.
Other enterprises that have reportedly been victims of Maze include big names such as LG, Xerox, Conduent, MaxLinear, Cognizant, Chubb, VT San Antonio Aerospace, and more.
Canon has noted in a statement shared with multiple security researchers that they are “currently investigating the situation”. More details are about to be shared soon.