Camera maker Canon appears to have become the latest high-profile organization to fall victim to a ransomware attack, which has crippled its email services, US website, and several internal apps. Canon's IT department issued a staff advisory yesterday saying the company was suffering from "widespread system issues affecting multiple applications, computers, email and other systems," but was unable to provide further explanation. Canon's US website is also down and is broadcasting a message that seems to suggest routine maintenance is in progress. However, a screenshot obtained by BleepingComputer appears to reveal that Maze ransomware is responsible for the current issues at Canon. “We have hacked into your network and now all your important files, documents, photos, databases and other data are securely encrypted with trusted algorithms. You cannot access the files at this time. But do not worry. You can get it back! Read the ransom note.
Canon ransomware attack
Ransomware attacks have increased in frequency in recent years and have the potential to cause significant disruption, as highlighted by the recent assault on fitness giant Garmin. The incident left the company with a worldwide service outage that lasted several days, preventing users from uploading exercise data to Garmin Connect and using its air navigation service, FlyGarmin. Maze ransomware, the strain responsible for the Canon attack, has previously been used to encrypt and steal data from companies such as LG, Xerox, Cognizant, and others. In many cases, Maze Operators also obtain a significant amount of data from the target organization, to use as leverage in negotiations. In the Canon case, hackers claim to have stolen 10TB of data from private databases. "We also download a large amount of private data from your network, so if you don't contact us as soon as possible, that data will be published," the ransom note explains. "If you do not contact us within 3 days, we will post information about your violation on various public news websites and after 7 days all information uploaded (sic)." While Maze's operators have claimed responsibility for the attack, the hackers have not disclosed their ransom demands, the number of devices encrypted, or shared samples of the stolen data. However, the group confirmed that they were not responsible for recent issues with Canon's anon cloud storage service, which was also removed last week after a bug caused photos and video files to be lost to users. users. The camera maker has not yet responded to our request for comment, but is believed to be looking into the situation.