Canon is the latest victim of what is believed to be a large-scale ransomware attack, which shut down the camera and printer company’s internal applications. Those responsible for the attack have also threatened to leak terabytes’ worth of stolen company data unless Canon pays the ransom.
On July 30, 2020, Canon’s image.canon website – the company’s cloud-based photo and video storage service – was suspended. The company later informed consumers on August 04, 2020 in a statement that files saved on the site prior to June 16, 2020 were lost due to an unspecified issue. Canon also gave assurances that “there was no leak of image data.”
The image.canon service allows users to store up to 10GB of images and videos for free.
BleepingComputer suspected there was more to the website outage than just an unspecified issue. When the information security news publication reached out to Canon for a statement on the matter, the company sent a notice directing anyone who has first-hand information on the “incident” to confidentially contact the company.
On August 06, 2020, a source shared with BleepingComputer details on a company-wide notification sent to all Canon employees, which said that the company is experiencing “widespread system issues affecting multiple applications. Teams, email, and other systems may not be available at this time,” hinting at a malware attack.
By this time, multiple Canon websites went down or displayed errors.
BleepingComputer also obtained a screenshot of the alleged ransom note the hackers responsible for the malware attack sent to Canon. It has been deduced from the ransom note that the malware used was the infamous Maze ransomware.
Maze hackers later confirmed with BleepingComputer that not only were they responsible for the ransomware attack on Canon, but they stole 10 terabytes of data and private databases from the company. But the hackers would not disclose any more information about their attack, such as how much the ransom amount was for, the number of devices they managed to encrypt, and if they showed any proof of stolen data.
Canon later issued an updated notice to all employees confirming the ransomware attack. The company also said that it had implemented “response protocols” to address the hack, and that it has approached cybersecurity experts to help in the recovery of the affected systems.
A report by security firm Emsisoft found that ransomware attacks increasingly involving data theft, with hackers not only locking up victims’ computer systems, but also threatening to leak sensitive information to the public if their demands are not met. The firm also identified Maze as one of the known hacker groups whose modus operandi includes data theft on top of instigating ransomware attacks.