Photographic equipment and printer maker Canon may have suffered large-scale ransomware in the last week. For several days, a number of domains related to the company have been down, and now a group has acknowledged authorship of the attack.
According to the website Bleeping Computer, the criminals known as Maze were responsible for the ransomware, that hijacked data, affected security, and immobilized the company’s activities. The attack would have taken down the email and videoconferencing system, several websites and even internal tools. Furthermore, 10TB of files from Canon’s storage system would have been stolen in the operation.
The source consulted by the site shared a screenshot of the supposed ransomware “rescue ticket”, but the veracity of the document has not been proven. The Maze group claims that it will distribute the 10 TB of files if an established amount is not paid. There is no information about stolen or compressed internal data. They have already claimed responsibility for other similar crimes involving giants like LG, Xerox and even the system of an entire US city.
The alleged data hijacking ticket and files with payment instructions.Fonte: Bleeping Computer
Recently, the smartwatch company Garmin was also a victim of ransomware and had several operations halted for a few days until activities resumed.
Interestingly, the site even reports that the image.canon cloud storage service went down between July 30th and August 4th because of a “problem” detected by the company. She guarantees that data has not been stolen, but the statement caused strangeness in the community.
The warning about failures in the hosting service.Fonte: Bleeping Computer
In addition, the Maze group claims it had nothing to do with this activity, leading to speculation that Canon may have suffered two near-simultaneous attacks in recent days.
Consulted by Bleeping Computer, Canon says it is currently investigating the situation, without providing further details. Canon’s global and national website has returned to the air, but the global page remains suspended.