Canon, the Japanese camera giant, recently fell victim to a ransomware attack where over 10TB of photos, videos, and other data were stolen across multiple devices.
The attack affected the company’s storage and email services, Microsoft Teams, as well as the U.S. version of its website.
Following the incident, Canon’s IT service sent a company-wide notification indicating that it is experiencing “widespread system problems affecting multiple applications, computers, email, and other systems may not be available at this time.” It also added that as part of the outage, the Canon USA website would be unavailable.
The outage at the image.canon photo storage service took Canon’s website down from July 30 for 6 days and finally returned on August 4th. The very same day, the company posted a message on image.canon website explaining the incident and maintaining that “there was no leak of image data” from its cloud service.
However, on August 5, 2020, BleepingComputer, released its own report stating that the attackers managed to steal around 10 TB of data. It also managed to obtain a partial screenshot of the alleged Canon ransom note, which indicates that the company was attacked during the morning of August 5 by the notorious Maze ransomware gang.
When BleepingComputer contacted Maze regarding the Canon attack, they were told by Maze that their attack was conducted this morning when they stole “10 terabytes of data, private databases, etc” as part of the attack on Canon.
“We hacked your network and now all your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms. You cannot access the files right now. But do not worry. You can get it back! It is easy to recover in a few steps,” the Maze ransom note said.
“We have also downloaded a lot of private data from your network, so in case of not contacting us as soon as possible this data will be released. If you do not contact us in three days we will post information about your breach on our public news website and after seven days the whole download info.”
However, the gang refused to divulge any more information regarding the attack including proof of stolen data, the ransom amount, and the number of devices encrypted.
The hackers also denied any involvement in the near-week-long image.canon outage that saw the loss of some data from users on its 10GB storage plan. The gang said that they had nothing to do with this ransomware attack.
In a statement to BleepingComputer, a spokesperson for Canon said that they are “currently investigating the situation.”
Currently, Canon-related websites that down include canonusa.com, usa.canon.com, canonhelp.com, imageland.net, consumer.usa.canon.com, and more.
Visiting these websites display an internal server error message that reads, “We’re sorry, the site is temporarily undergoing maintenance and could not complete your request.
Watch this space for more updates, as this is a developing story!
