Canon suffers ransomware attack in internal memo

A conveyed ransomware attack suffered by Canon seems to have been confirmed by an internal memo, with Maze cyber crooks taking the credit. According to reports, a six-day outage starting July 30 on the image.canon website, a service for uploading and storing images through Canon’s mobile apps, led to doubts that a cyberattack may have occurred. While now service has restarted, in the website’s last status update, Canon publicized that an issue “involving 10GB of data storage” was under inquiry, leading to the temporary suspension of related mobile apps and the online platform.

Canon confirms ransomware attack

Canon mentioned that “some of the photo and image files” saved before June 16 were “lost,” but also stated that there “was no leak of image data.” “Currently, the still image thumbnails of these lost image files can be viewed but not downloaded or transferred,” the company said. “If a user tries to download or transfer a still image thumbnail file, an error may be received.”

This may suggest nothing more than a technical issue with back-end servers. However, at the same time, an interior memo acquired by the publication warned employees of “company-wide” IT issues, including apps, Microsoft Teams, and email. It is believed that Maze is to blame, after the threat group said they had stolen 10TB in data after launching a successful crypto-virus attack against the tech giant.

Maze, however, denied responsibility for the image.canon issues, and so the timing of the outage and the ransomware infection may simply be coincidental. Another memo sent internally suggested a “ransomware incident” had occurred, and a third-party cyberforensics company has been hired to investigate. The group’s operus morandi is to exfiltrate sensitive, corporate information and threaten to release it unless payment is made.

Canon said the company is “currently investigating the situation.” Earlier this week, for example, Maze revealed gigabytes of data belonging to LG and Xerox after both companies refused to bow to blackmail. Ransomware, though, was not arranged on LG’s network. The group said they simply penetrated LG and stole information instead, deciding to withhold ransomware deployment as LG clients were “socially significant.” Xerox has persisted quiet when it comes to the incident.