Canon suffers ransomware attack, Maze claims responsibility

Reports based on an internal memo suggest an external security firm has been hired to investigate.

A reported ransomware attack suffered by Canon appears to have been confirmed by an internal memo, with Maze threat actors taking the credit. 

As reported by Bleeping Computer, a six-day outage beginning July 30 on the image.canon website, a service for uploading and storing photos through Canon's mobile applications, led to suspicions that a cyberattack may have taken place. 

While service has now resumed, Canon revealed in the website's last status update that an issue "involving 10GB of data storage" was under investigation, leading to the temporary suspension of related mobile apps and the online platform.

Canon said that "some of the photo and image files" saved prior to June 16 were "lost," but in the same breath, insisted that there "was no leak of image data." 

"Currently, the still image thumbnails of these lost image files can be viewed but not downloaded or transferred," the company said. "If a user tries to download or transfer a still image thumbnail file, an error may be received."

This, in itself, may suggest nothing more than a technical issue with back-end servers. However, at the same time, an internal memo obtained by the publication warned employees of "company-wide" IT issues, including apps, Microsoft Teams, and email. 

It is believed that Maze is to blame, after the threat group said they had stolen 10TB in data after launching a successful ransomware attack against the tech giant. 

Maze, however, denied responsibility for the image.canon issues, and so the timing of the outage and the ransomware infection may simply be coincidental. Another memo sent internally suggested a "ransomware incident" had occurred, and a third-party cyberforensics company has been hired to investigate. 

Maze operators use a form of ransomware that generally targets enterprise companies. The group's malware encrypts networks and a ransom note is then displayed, with extortion attempts sometimes reaching thousands of dollars -- far more than could be asked for by targeting individuals or the general public.

The group's modus operandi is to exfiltrate sensitive corporate information and threaten to release it unless payment is made.

Canon said the company is "currently investigating the situation."

Earlier this week, for example, Maze published gigabytes of data belonging to LG and Xerox after both companies refused to bow to blackmail. 

Ransomware, however, was not deployed on LG's network. Speaking to ZDNet, the group said they simply infiltrated LG and stole information instead, deciding to withhold ransomware deployment as LG clients were "socially significant." Xerox has remained quiet when it comes to the incident.

Back in May, delivery network Pitney Bowes suffered a ransomware attack caused by the same cybercriminals. At the time, Maze published a set of screenshots online as evidence of network intrusion, having encrypted the firm's IT systems in the quest for a ransom payment. 
