Canon Pwned By Ransomware… 10TB Data Stolen

Canon has apparently been hit by a ransomware cyberattack which has impacted the company’s email, Microsoft Teams, US website, and other internal applications:

The image.canon site suffered an outage on July 30th, 2020, and over six days, the site would show status updates until it went back in service yesterday, August 4th.

However, the final status update was strange as it mentions that while data was lost, “there was no leak of image data.”  This led BleepingComputer to believe there was more to the story and that they suffered a cyberattack.

Today, a source contacted BleepingComputer and shared an image of a company-wide notification titled “Message from IT Service Center” that was sent at approximately 6 AM this morning from Canon’s IT department.

This notification states that Canon is experiencing “wide spread system issues affecting multiple applications, Teams, Email, and other systems may not be available at this time.”

According to BleepingComputer, the attack has also resulted in over 10TB of stolen data.

And:

Since then, BleepingComputer has obtained a partial screenshot of the alleged Canon ransom note, which we have been able to identify as from the Maze ransomware.

After contacting the ransomware operators, BleepingComputer was told by Maze that their attack was conducted this morning when they stole “10 terabytes of data, private databases etc” as part of the attack on Canon.

Maze has a history of going after high value companies such as Xerox, LG and others. Maze also has a history of releasing the data that they steal if they don’t get paid. Thus it’s clear that they play for keeps. And it will be interesting to find out if Canon plans to pay up, or if they have paid up.

Watch this space for updates.

UPDATE: Max Heinemeyer, Director of Threat Hunting, Darktrace had this to say on this ransomware attack:

Maze are a highly professionalised cyber-crime group who often vie for a reputation as much as monetary gain – identifying viable targets, infiltrating their systems, encrypting data where it hurts the most and threatening to publish the data if the ransom is not paid. In this case, theft of personal photos might well be what secures a faster payment for the attackers. Spear-phishing, credential abuse and exploiting vulnerable internet-facing servers are all ways that groups like Maze might gain entry into their victim’s enterprise. If an attack is viable, then hackers will go for it.

The dwell time of these attacks is shockingly low – often it takes only a few days from the initial intrusion to the deployment of ransomware that shuts down an organization at computer speed, offering the victim no way out. 

Ransomware is often novel malware and therefore goes undetected by traditional security tools. AI is the best bulwark against these attacks as it is not only capable of identifying the abnormal b

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: