Hackers have reportedly targeted Canon’s US-based services with the notorious Maze ransomware, rendering various services offline and compromising 10TB of data.
The alleged cyber attack has affected a number of services, including Canon’s email, Microsoft Teams, its US website and several internal applications, according to Bleeping Computer, with users also unable to access various domains.
The publication obtained a partial screenshot of an alleged ransom note and also liaised with the ransomware operators, who claimed they conducted their attack yesterday, stealing “10 terabytes of data, private databases etc” in the process.
“We are aware that Canon USA are experiencing system issues – an investigation is currently taking place," a spokesperson told IT Pro. "We can confirm however that this is unrelated to the data loss we experienced on image.canon earlier this week.”
UK sites and servies appear to be unaffected by the attack.
The hackers behind Maze have been prolific in recent months, targeting a vast number of enterprises during 2020. Aerospace services provider VT San Antonio Aerospace (VT SAA), for example, was affected in June, while Xerox was among a handful of high-profile victims last month, with the ransomware group stealing more than 100GB files from the legacy printing giant.
This is in addition to the major attack on the IT services provider Cognizant earlier this year, which led to the company announcing it could lose up to $70 million as a direct result.
Canon’s IT department reportedly distributed a message to its employees yesterday morning suggesting its US-based systems were experiencing widespread issues, affecting multiple applications, including emails and use of Microsoft Teams.
Several domains are also out of action at the time of writing, with senior security advisor with Sophos, John Shier, suggesting this could be as many as 24 services. Among these are canonusa.com, canonhelp.com and canonbroadcast.com.
“Following other recent high profile attacks, this latest salvo should be a wake-up call to all enterprises that haven't taken the time to assess their security posture and bolster their defences against these pernicious adversaries,” Shier said.
“Many of these attacks start by exploiting external services or simple phishing campaigns. Successful campaigns will often be followed by living-off-the-land techniques, abusing over-privileged and under-protected accounts, and hiding in plain sight.”
He added that enterprises must take the time to build a strong security foundation which includes multi-factor authentication (MFA) everywhere, regular patching, and user training.
-
Using DeepSeek at work is like ‘printing out and handing over your confidential information’News Thinking of using DeepSeek at work? Think again. Cybersecurity experts have warned you're putting your enterprise at huge risk.
-
Can cyber group takedowns last?ITPro Podcast Threat groups can recover from website takeovers or rebrand for new activity – but each successful sting provides researchers with valuable data
-
Average ransom payment doubles in a single quarterNews Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new groupNews The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos
-
Google cyber researchers were tracking the ShinyHunters group’s Salesforce attacks – then realized they’d also fallen victimNews In an update to an investigation on the ShinyHunters group, Google revealed it had also been affected
-
Nearly one-third of ransomware victims are hit multiple times, even after paying hackersNews Many ransomware victims are being hit more than once, largely thanks to fragmented security tactics
-
75% of UK business leaders are willing to risk criminal penalties to pay ransomsNews A ransom payment ban is a great idea - until you're the one being targeted...
-
The Scattered Spider ransomware group is infiltrating Slack and Microsoft Teams to target vulnerable employeesNews The group is using new ransomware variants and new social engineering techniques - including sneaking into corporate teleconferences
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crimeNews A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
