Update: An internal memo delivered to Canon staff has confirmed the company is suffering the effects of a ransomware attack.
“Canon U.S.A, Inc. and its subsidiaries understand the importance of maintaining the operational integrity of our systems. Access to some Canon systems is currently unavailable as a result of a ransomware incident we recently discovered. This is unrelated to the recent issue which affected image.canon,” reads the memo.
Camera manufacturer Canon appears to have become the latest high-profile organization to fall victim to a ransomware attack, which has paralyzed its email services, US website and various internal applications.
On August 5, the Canon IT department issued a notice to staff explaining the company is suffering “widespread system issues affecting multiple applications, Teams, email and other systems”, but did not offer further explanation.
Canon’s US website is also currently down and is serving a message that seems to suggest routine maintenance is taking place.
However, a screen capture obtained by BleepingComputer, appears to reveal that Maze ransomware is responsible for the ongoing issues at Canon.
“We hacked your network and now all your files, documents, photos, databases and other important data are safely encrypted with reliable algorithms. You cannot access the files right now. But do not worry. You can get it back!” reads the ransom note.
Canon ransomware attack
Ransomware attacks have grown in frequency in recent years and have the potential to cause significant disruption, as highlighted by the recent assault on fitness giant Garmin.
The incident caused the company to suffer a worldwide service outage that spanned multiple days, preventing users from uploading exercise data to Garmin Connect and using its aviation navigation service, FlyGarmin.
Maze ransomware, the strain responsible for the Canon attack, has previously been used to encrypt and steal the data of companies including LG, Xerox, Cognizant and others.
In many instances, Maze operators also lift a significant amount of data from the target organization, to use as leverage in negotiations. In the case of Canon, the hackers claim to have stolen 10TB of data from private databases.
“We have also downloaded a lot of private data from your network, so in case of not contacting us as soon as possible this data will be released,” explained the ransom note.
“If you do not contact us in a 3 days we will post information about your breach on multiple public news website and after 7 days the whole downloaded info (sic).”
While Maze operators have claimed responsibility for the attack, the hackers have not disclosed their ransom demands, the quantity of encrypted devices nor shared samples of the stolen data.
However, the group did confirm it is not responsible for recent issues with Canon’s image.anon cloud storage service, which was also taken down last week after a bug caused users to lose photos and video files.