Canon Inc., a Japanese multinational corporation specializing in optical and imaging products, has allegedly fallen victim to a ransomware attack deployed by the infamous Maze group.
According to BleepingComputer, which broke the story, Canon’s IT department sent out a company-wide notice informing workers that “Canon USA is experiencing wide spread system issues, affecting multiple applications, Teams, Email and other system may not be available at this time.”
Multiple Canon-related websites are also down, including canonusa.com, usa.canon.com, canonhelp.com, imageland.net, consumer.usa.canon.com, cusa.canon.com, and more. Visiting them brings up an Internal Server Error message.
The security and technology news publication says it obtained a snippet of the alleged ransom note left behind by the attackers.
“We hacked your network and now all your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms,” the ransom note said. “You cannot access the files right now. But do not worry. You can get it back! It is easy to recover in a few steps. We have also downloaded a lot of private data from your network, so in case of not contacting us as soon as possible this data will be released. If you do not contact us in 3 days we will post information about your breach on public news websites and after 7 days the whole downloaded info.”
The letter continues with specifics on how to contact the Maze operators and a warning that the only way to restore encrypted data is by paying up.
BleepingComputer says it contacted the ransomware gang, which confirmed that the attack was conducted on August 5. Although the cybercriminals refused to reveal any additional information such as the ransom amount or screenshots of exfiltrated data, they claimed that “10TB of data and private databases” were stolen from Canon’s servers.
A suspicious incident involving an outage that affected users of the image.canon website was also reported on July 30.
“On July 30, 2020, we identified an issue involving the 10GB long-term storage on image.canon,” the notification reads. “In order to conduct further investigation, we temporarily suspended both the mobile application and web browser service of image.canon. After the investigation, we identified that some of the photo and video image files saved in the 10GB long-term storage prior to June 16, 2020 9:00am (JST) were lost. We confirmed that the still image thumbnails of the affected files were not affected, and there was no leak of image data. After having resolved the issue that resulted in the loss of the photo and video image files, we resumed the image.canon service as of August 4, 2020.”
However, there is no evidence that the two incidents are related, and the ransomware attackers have denied any involvement in the outage.
Canon has yet to release a statement detailing the incident. But given the outage and the internal communication, the alleged ransomware attack will likely be confirmed.