Japanese camera-maker Canon suffered a Maze ransomware attack in which the hackers stole 10TB of company data and disrupted various applications, email, Microsoft Teams, and other systems. Canon suspended the mobile application and web browser service of image.canon when it found out that part of its users' video and still image data stored in the cloud photo platform was lost on July 30.
Although the image.canon service resumed on August 4, the company said that users won't be able to share or download still image thumbnails in the 10GB long-term storage.
Canon states, “After the investigation, we identified that some of the photo and video image files saved in the 10GB long-term storage prior to June 16, 2020 9:00am (JST) were lost. We confirmed that the still image thumbnails of the affected files were not affected, and there was no leak of image data. After having resolved the issue that resulted in the loss of the photo and video image files, we resumed the image.canon service as of August 4, 2020.”
When Bleeping Computer contacted the cybercriminals, the gang confirmed stealing ten terabytes of data, private databases, and other data held by Canon. However, they declined to provide proof to back up their claims. The group also did not disclose the number of devices encrypted in the Maze ransomware attack and its mentioned result.
The Maze ransomware operators said they are not responsible for the outage on image.canon, which supports Canon's initial statement that no image data was leaked. The camera giant told media that the timing of the server outage, just as the Maze ransomware hit, was purely coincidental.
James McQuiggan, a Security Awareness Advocate at KnowBe4, says, “While it’s not been entirely evident, this attack is not one that happened quickly. Cybercriminals would have been inside the infrastructure and systems for some time, not hours, but most likely days, to access this many domains of the organization.”
Matt Walmsley, EMEA Director at Vectra, commented on the Maze ransomware operators' claims of successfully stealing corporate data from Canon. He says, “Ransomware attackers tend to seek privileged entities associated to accounts, hosts and services due to the unrestricted access they can provide and to ease replication and propagation. Attackers will maneuver themselves through a network and make that step from a regular user account, to a privileged account which can allow them to deploy their tools and access all the data they need in order to finalize their ransomware attack and coerce their victims.”
He adds, “Therefore, security teams need to be agile as time is their most precious resource in dealing with ransomware attacks. Early detection and response is key to gaining back control and stopping the attackers in their tracks before they can propagate across the organization, stealing and denying access to data.”
In May, the delivery network Pitney Bowes suffered a similar ransomware attack by these cybercriminals. In that case, the attackers released a set of screenshots as evidence of network intrusion, having encrypted the company's IT systems in pursuit of a ransom payment.