Canon confirms ransomware attack in an internal memo sent to employees
Camera and optical equipment manufacturer Canon Is the latest victim of a crippling ransomware attack. Some of the company’s USA websites, twenty-four in total, as well as other services are offline. Canon’s email, use of Microsoft Teams, some US websites, and other internal applications are all impacted by the attack. Information points to the work of Maze ransomware.
An internal memo from Canon to their employees has confirmed the ransomware cyber security incident.
Canon Images Gone Missing
Canon offers customers a free photo and video 10GB storage feature which is hosted in the cloud. This storage site, image.canon suffered a supposedly unrelated outage on July 30th, 2020. Although this service is now restored, the company posted a message that says, “there was no leak of image data.” However, a notice also states that only thumbnails of uploaded images are available and other images and videos were lost. Both of those messages existing simultaneously make little sense.
Source: BleepingComputer
Exfiltration of the victim’s data is a typical Maze tactic.
USA.Canon.com Disabled
The Canon USA website currently shows a maintenance home page that has a note that stating the company is updating its website. Page navigation is not working at this time. The homepage reads, “Our heads aren’t in the clouds. We’re just busy improving our corporate site. In the meantime, please visit us at: Canon Online Store. or. Canon Forum” on the US website.
The company is based in Ōta, Tokyo, Japan.
A post on Bleeping Computer reports that the hacking group behind Maze ransomware have claimed responsibility for the attack. The threat actors claimed to have stolen “10 terabytes of data, private databases etc”
Source: BleepingComputer
List of Canon domains affected by this outage
- www.canonusa.com
- www.canonbroadcast.com
- b2cweb.usa.canon.com
- canondv.com
- canobeam.com
- canoneos.com
- bjc8200.com
- canonhdec.com
- bjc8500.com
- usa.canon.com
- imagerunner.com
- multispot.com
- canoncamerashop.com
- canoncctv.com
- canonhelp.com
- bjc-8500.com
- canonbroadcast.com
- imageland.net
- consumer.usa.canon.com
- bjc-8200.com
- bjc3000.com
- downloadlibrary.usa.canon.com
- www.cusa.canon.com
- www.canondv.com
Maze Ransomware
Maze ransomware is a human operated ransomware. The threat actors work until they gain access to the appropriate permissions to carry out their attack.
Maze has been used to attack LG, Xerox, Banco BCR, Conduent, MaxLinear, Cognizant cyber security solution provide, insurance company Chubb, VT San Antonio Aerospace, Medical Diagnostics Laboratories (MDLab), and the City of Pensacola, Florida.
Maze a ransomware was previously called ChaCha.
In early June 2020, government contractor, Westech International, was attacked by Maze ransomware. The threat actors took sensitive documents that support the US Minuteman III nuclear missile program.
Recent ransomware attacks
Canon Is apparently the latest victim of a devastating corporate ransomware attack that result in the inability to serve customers and to communicate the situation effectively.
On July 23 fitness tech company Garmin, was hit by a ransomware attack. Threat actors from Evil Corp successfully crippled Carmen With the wasted locker ransomware. During the tag Garmin connect and cloud services were largely disabled. users could not upload data or download new maps. Garman employees were unable to offer customer assistance through email phone calls or online chat.
READ: Garmin Took Ransomware Decryption Keys
Right now, it appears that Garmin and Canon Were attacked by different ransomware strains. Unlike Evil Corp the attackers who use maze ransomware will sell the stolen data on the dark web if their ransom demand is not paid.
