Canon has recently suffered a ransomware attack that affected over 30 of its external and public services, including email and USA website. According to the reports, 10TB of data and private databases have been stolen. And if Canon doesn’t pay the ransom, they will be leaked publicly.
BleepingComputer has investigated the case and found that 34 Canon domains have been attacked. This source has also obtained a message allegedly sent from IT Service Center as a company-wide notification. The message reads that Canon USA is “experiencing wide spread system issues affecting multiple applications, Teams, Email, and other systems may not be available at this time.”
At the time of writing this, when you visit Canon USA, there is a message reading that the site is “currently undergoing maintenance.”
BleepingComputer has even obtained a partial screenshot of what seems to be a ransom note sent to Canon. This source notes that they identified it as from the Maze ransomware. They even reached out to Maze operators, who confirmed the attack. They told BleepingComputer that they stole “10 terabytes of data, private databases etc.” Maze declined to share “any further info about the attack including the ransom amount, proof of stolen data, and the amount of devices encrypted” BleepingComputer writes.
When I first saw this story, my initial thought was that the image.canon outage from 30 June was related to the ransomware attack. However, Maze has allegedly told BleepingComputers that they didn’t cause image.canon shutdown. As for that website, it’s up and running again, but still has some hiccups and not all data have been retrieved.