Canon Hit by Ransomware Attack, Has 10TB of Data Stolen: Report

Canon has reportedly been hit by a devastating ransomware attack. In addition to knocking a long list of Canon websites offline, the attack is said to have resulted in a whopping 10 terabytes of data being stolen from Canon servers.

BleepingComputer reports that the ransomware group called Maze has claimed responsibility for successfully attacking Canon and impacting a wide range of services at the company, including email, team collaboration software, its USA websites, and internal applications.

Canon reportedly sent out a company-wide alert this morning to inform employees of “wide spread system issues affecting multiple applications[.] Teams, Email, and other systems may not be available at this time.”

At the time of this writing, Canon-related websites that are down include canonusa.com, usa.canon.com, canonhelp.com, imageland.net, consumer.usa.canon.com, cusa.canon.com, and more. Visiting them brings up an Internal Server Error message.

BleepingComputer, which cites both a Canon insider and a Maze representative as sources, published a partial screenshot of the ransom note that Canon was presented.

The ransom note that’s part of the Maze ransomware. Source: BleepingComputer.

Maze tells BleepingComputer that it managed to steal “10 terabytes of data, private databases etc.” Other details of the attack, including the nature of the stolen data and the ransom amount, are not known.

Maze ransomware has reportedly hit other big brands in the past, including LG and Xerox. It has also reportedly targeted hospitals and labs on the front line of the fight against the COVID-19 pandemic.

After spreading through a network and gaining administrator access, the ransomware steals files from servers and sends them to the attacker’s servers. The ransomware then encrypts data across the network and locks the company out.

Companies are given access if the ransom demand is paid. Otherwise, the stolen data is leaked on Maze’s website.

The fitness brand Garmen was hit by a ransomware attack in late July, resulting in the company’s operations largely being shut down. It ended up paying a multi-million dollar ransom to the attackers (reportedly not Maze) in order to decrypt all its files and get business moving again.

Canon’s camera cloud platform image.canon suffered multiple days of downtime and user data loss over the past week, but Maze tells BleepingComputer that what happened to image.canon was unrelated to today’s ransomware attack.


Update: A Canon spokesperson tells PetaPixel that the company is “currently investigating the situation.”

Discussion