Canon has been subjected to a ransomware attack impacting various services, including Canon's email, Microsoft Teams, the US website, and other internal applications.
People have been monitoring a suspected error on Canon’s image.canon cloud picture and video storage service that resulted in data loss for users of its free 10GB storage feature.
On July 30th, 2020, the image.canon site experienced an outage, and the site displayed status updates for six days before it went back into operation yesterday, August 4th.
The final status report, however, was odd because it stated that while data was lost, “there was no image data leakage,” which made us believe they had fallen victim to a cyber attack or ransomware attack.
A source contacted BleepingComputer and shared a screenshot of a company-wide notification entitled ‘Message from IT Service Center’, which was sent from Canon’s IT department at approximately 6 AM this morning. This warning states that Canon is experiencing “wide ranging device issues that may not be apparent at this time affecting numerous applications, Staff, Email and other systems.”
As part of this outage, the website of Canon USA now contains bugs, or page bugs that are not noticed when viewed.
The Canon domains that appear to be affected by this outage include:
www.canonusa.com www.canonbroadcast.com b2cweb.usa.canon.com canondv.com canobeam.com canoneos.com bjc8200.com canonhdec.com bjc8500.com usa.canon.com imagerunner.com multispot.com canoncamerashop.com canoncctv.com canonhelp.com bjc-8500.com canonbroadcast.com imageland.net consumer.usa.canon.com bjc-8200.com bjc3000.com downloadlibrary.usa.canon.com www.cusa.canon.com www.canondv.com
Maze ransomware operators claim to have stolen 10TB of data from Canon
When contacted, the Maze ransomware operators told BleepingComputer that their attack was carried out this morning and that, as part of the attack on Canon, they stole “10 terabytes of data, private databases, etc ..”
Maze refused to share any additional information about the attack including the amount of ransom, evidence of data stolen and the number of devices encrypted.
Although it was first assumed that the ransomware attack was linked to the image.canon failure, Maze stated that it was not triggered by them.
Maze is an enterprise-targeting, human-operated ransomware that exploits a network and spreads stealthily and laterally across it until it gains access to an administrator account and the network's Windows domain controller.
During this process, Maze will steal unencrypted files from servers and backups and upload them to the threat actor's servers.
After they’ve extracted something of interest from the network and obtained access to a Windows domain controller, Maze can install ransomware to encrypt all devices throughout the network.
When a victim refuses to pay the ransom, Maze will release the victim's stolen files to the public on a data leak site they have created.
In the past, Maze has taken responsibility for attacks on other high-profile victims, including LG, Xerox, Conduent, MaxLinear, Cognizant, Chubb, VT San Antonio Aerospace, the City of Pensacola, Florida, and more.