Canon has been subjected to a ransomware attack impacting various services, including email from Canon, Microsoft Teams, the US website, and other internal applications.
On Canon’s image.canon cloud picture and video storage service, people have been monitoring a suspected error resulting in data loss for users of their free 10GB storage function.
On July 30th, 2020, the image.canon site experienced an outage and the site would display updates of status for six days before it went back into operation yesterday, August 4th.
The final status report, however, was odd because it states that while data was lost, “there was no image data leakage,” which made us believe they fell victim to a cyber attack or ransomware attack.
Source: BleepingComputer
A source contacted BleepingComputer and shared an screenshot of a company-wide notification entitled ‘Message from IT Service Center’ which was sent from Canon’s IT department at approximately 6 AM this morning. This warning states that Canon is experiencing “wide ranging device issues that may not be apparent at this time affecting numerous applications, Staff, Email and other systems.”
As part of this outage, the website of Canon USA now contains bugs, or page bugs that are not noticed when viewed.
Source: BleepingComputer
The list of Canon domains that appear to be affected by this outage, include:
www.canonusa.com
www.canonbroadcast.com
b2cweb.usa.canon.com
canondv.com
canobeam.com
canoneos.com
bjc8200.com
canonhdec.com
bjc8500.com
usa.canon.com
imagerunner.com
multispot.com
canoncamerashop.com
canoncctv.com
canonhelp.com
bjc-8500.com
canonbroadcast.com
imageland.net
consumer.usa.canon.com
bjc-8200.com
bjc3000.com
downloadlibrary.usa.canon.com
www.cusa.canon.com
www.canondv.com
Maze Ransomware Operators claims to have stolen 10TB of data from Canon
After contacting the ransomware operators, Maze informed BleepingComputer that their assault was carried out this morning as part of the attack on Canon when they stole “10 terabytes of data, private databases, etc ..”
Maze refused to share any additional information about the attack including the amount of ransom, evidence of data stolen and the number of devices encrypted.
Although it was first assumed that the ransomware attack was linked to the image.canon failure, Maze stated that it was not triggered by them.
Maze is a company-targeted human-operated ransomware that exploits and spreads stealthily laterally across a network until it gains access to an administrator account and Windows domain controller of the system.
During this process, Maze will delete unencrypted files from servers and backups, and upload them to servers of the threat actor.
After they’ve extracted something of interest from the network and obtained access to a Windows domain controller, Maze can install ransomware to encrypt all devices throughout the network.
When a victim refuses to pay the ransom, Maze will release the stolen files of the victim to the public at a data leak site they have developed.
In the past, Maze took blame for other high profile victims, including LG, Xerox, Conduent, MaxLinear, Cognizant, Chubb, VT San Antonio Aerospace, the City of Pensacola, Florida, and more.
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)