- Canon has posted a note on its image.canon site stating the issue
- Canon’s US website is also down apparently due to the attack
- Maze ransomware attackers reportedly stole 10TB data
Canon appears to have faced a cyber-attack that has resulted in an outage on its image.canon cloud storage service as well as impacted the company’s US website and its various internal applications. While the imaging giant is yet to provide clarity on the matter, a report has suggested that enterprise-focussed Maze ransomware was used in the attack. Canon has also posted a note on its image.canon website stating the suspension of its mobile app and Web browser service. The new development comes just days after wearable maker Garmin faced a ransomware attack that affected its services globally.
The note posted on the image.canon website states that the issue was identified on July 30, and it impacted the 10GB long-term storage feature of the service that lets users save their photos and videos in the cloud.
“After the investigation, we identified that some of the photo and video image files saved in the 10GB long-term storage prior to June 16, 2020 9:00am (JST) were lost. We confirmed that the still image thumbnails of the affected files were not affected, and there was no leak of image data,” the company said in the note.
In addition to the image.canon service, over two dozen Canon domains appear to be impacted by the ongoing outage. The US website of the company is also inaccessible, though it says the downtime is due to some maintenance.
BleepingComputer reports that an internal notification sent by Canon’s IT department notified its employees about the “wide spread system issues affecting multiple applications, Teams, Email, and other systems.” A partial screenshot of the alleged Canon ransom note was also obtained by the publication that suggests Maze ransomware was used in the attack. The hacker group behind the attack also told BleepingComputer that it stole 10TB of data as well as private databases.
“The ransomware attack on Canon is yet another example of the Maze gang’s sustained and brazen targeting of enterprises,” said John Shier, Senior Security Advisor at cyber-security solutions provider Sophos. “Many of these attacks start by exploiting external services or simple phishing campaigns. The successful campaigns will often be followed by living-off-the-land techniques, abusing over-privileged and under-protected accounts, and hiding in plain sight.”
This isn’t the first time when the Maze ransomware has been named in an enterprise outage. It has been used in attacks on several companies, including Cognizant, LG, and Xerox, in the past.
Gadgets 360 has reached out to Canon for clarity on the matter and whether it has impacted Indian users or if it’s limited to certain markets. We are yet to hear from the company; however, in a statement to BleepingComputer, the company did mention that it was currently investigating the situation.