Is Canon facing a ransomware attack?
August 7, 2020
It’s not been a great week for Canon. First, the company revealed a vertiginous 93.99% fall in operating profit in the second quarter of 2020 owing to the effects of Covid-19 (other market pressures were doubtless at play, too). Now, stories are widely circulating that it has fallen victim to a large-scale data kidnapping attempt by a hacking group.
According to US site BleepingComputer, 10Tb of data has been stolen, with Canon also suffering from widespread system outages, affecting over 20 of its domains. The official Canon USA site is currently down for maintenance, although Canon UK and Canon Japan, along with other global sites, seem unaffected. BleepingComputer claims it has been tracking a suspicious outage on Canon’s image.canon cloud photo and video storage service resulting in the loss of data for users of the free 10Gb storage feature. Canon has not officially responded to the story.
BleepingComputer also claims to have gotten hold of a screen grab of the ransom note (above), which was reportedly sent to Canon. This seems to identify it as a ‘Maze ransomware’ attack, which involves encrypting the data and then threatening to release it into the public domain unless a ransom is paid. If true, the motivations behind the attack seem purely financial; BleepingComputer describes Maze as “an enterprise-targeting human-operated ransomware that compromises and stealthily spreads laterally through a network until it gains access to an administrator account at the system’s Windows domain controller.”
Update: Canon UK has commented as follows.
“We are aware that Canon USA are experiencing system issues – an investigation is currently taking place. We can confirm however that this is unrelated to the data loss we experienced on image.canon earlier this week.”