​Canon has suffered a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, and other internal applications.

BleepingComputer reports they have been tracking a suspicious outage on Canon's image.canon cloud photo and video storage service resulting in the loss of data for users of their free 10GB storage feature. The image.canon site suffered an outage on July 30th, 2020, and over six days, the site would show status updates until it went back in service yesterday, August 4th. A status update "was strange," says BleepingComputer, as it mentioned that while data was lost, "there was no leak of image data" - which led BleepingComputer to believe there was more to the story and that they suffered a cyberattack.

 A source contacted BleepingComputer and shared an image of a company-wide notification titled "Message from IT Service Center" that was sent from Canon's IT department. The notification states that Canon is experiencing "wide spread system issues affecting multiple applications, Teams, Email, and other systems may not be available at this time."

After contacting the ransomware operators, BleepingComputer was told by Maze that their attack was conducted this morning when they stole "10 terabytes of data, private databases etc" as part of the attack on Canon. Maze declined to share any further info about the attack including the ransom amount, proof of stolen data, and the amount of devices encrypted. 

Brandon Hoffman, Chief Information Security Officer at Netenrich, says, “By now, the tactics related to modern ransomware attacks should not surprise anybody. As we have seen, the evolution of motivation by adversaries aligns directly with financial gain hence the rise in ransomware. Initial ransomware attacks were rudimentary and focused only on obtaining the ransom. True to form the perpetrators matured and now use full blown extortion tactics to make sure they get the money they want. These tactics go beyond dropping ransomware but include exfiltrating the data, selling access after the rain deal, and even reselling credentials. Based on the information available we can see that this attack has been persisting for some time. Indicating that the operators of Maze are leveraging everything they can from this attack. Attacking first the more public assets and moving the the juicier parts of the organization, it seems they are leaving nothing on the bone.” 

Caroline Thompson, Head of Underwriting at Cowbell Cyber, notes that, “The best outcome of a ransomware attack for any organization is to always have a readily available backup. But, such attack will trigger damages beyond the ransom payment itself – the business interruption can cause revenue loss, reputational harm, even compromised data – which a cyber insurance policy can cover.”