Canon hit by Maze Ransomware attack, 10TB data allegedly stolen

Canon has suffered a ransomware attack that impacts numerous services, including Canon’s email, Microsoft Teams, USA website, and other internal applications.

BleepingComputer has been tracking a suspicious outage on Canon’s image.canon cloud photo and video storage service resulting in the loss of data for users of their free 10GB storage feature.

The image.canon site suffered an outage on July 30th, 2020, and over six days, the site would show status updates until it went back in service yesterday, August 4th.

However, the final status update was strange as it mentions that while data was lost, “there was no leak of image data.” This led BleepingComputer to believe there was more to the story and that they suffered a cyberattack.
Canon suffers ransomware attack

Today, a source contacted BleepingComputer and shared an image of a company-wide notification titled “Message from IT Service Center” that was sent at approximately 6 AM this morning from Canon’s IT department.

This notification states that Canon is experiencing “wide spread system issues affecting multiple applications, Teams, Email, and other systems may not be available at this time.”

As part of this outage, Canon USA’s website is now displaying errors or page not found errors when visited.Maze claims to have stolen 10TB of data from Canon.

After contacting the ransomware operators, BleepingComputer was told by Maze that their attack was conducted this morning when they stole “10 terabytes of data, private databases etc” as part of the attack on Canon.

Maze declined to share any further info about the attack including the ransom amount, proof of stolen data, and the amount of devices encrypted.

While we first thought that the image.canon outage was related to the ransomware attack, Maze has told us that it was not caused by them.

Maze is an enterprise-targeting human-operated ransomware that compromises and stealthily spreads laterally through a network until it gains access to an administrator account and the system’s Windows domain controller.

During this process, Maze will steal unencrypted files from servers and backups and upload them to the threat actor’s servers.

Once they have harvested the network of anything of value and gain access to a Windows domain controller, Maze will deploy the ransomware throughout the network to encrypt all of the devices.

If a victim does not pay the ransom, Maze will publicly distribute the victim’s stolen files on a data leak site that they have created.

Maze has claimed responsibility for other high-profile victims in the past, including LG, Xerox, Conduent, MaxLinear, Cognizant, Chubb, VT San Antonio Aerospace, the City of Pensacola, Florida, and more.

In a statement to BleepingComputer, Canon says they are “currently investigating the situation.”Bleeping Computer