Did Maze ransomware operators steal 10 GB of data from Canon?

An internal memo confirms that the prolonged outage suffered by Canon last week was caused by a ransomware infection, Maze operators took credit for it.

According to an internal memo obtained by ZDNet, the recent outage of Canon was caused by a ransomware attack, while Maze ransomware operators are taking the credit for the incident.

The memo also reveals that the company has hired an external security firm to investigate the incident.

The problem was first reported by Bleepingcomputer, which tracked a suspicious outage on Canon’s image.canon cloud photo and video storage service. According to the media outlet, the alleged incident resulted in the loss of data for users of their free 10GB storage feature.

The image.canon site suffered an outage on July 30th, 2020, that lasted for six days, until August 4th.

At the time the company only confirmed an internal investigation on a problem related to “10GB of data storage.”

According to Canon, some of the photo and image files saved prior to June 16 were “lost,” but it pointed out that they were not exposed in a data leak.

“Currently, the still image thumbnails of these lost image files can be viewed but not downloaded or transferred,” reads the notice issued by Canon. “If a user tries to download or transfer a still image thumbnail file, an error may be received.”

At the same time, the company issued an internal memo that warned employees of “company-wide” IT issues, which also impacted email systems. 

Maze ransomware operators announced to have stolen 10TB of data as a result of a ransomware attack against the company but denied responsibility for the image.canon issues. If confirmed this means that the outage was not caused by the ransomware infection, but that anyway Maze operators have exfiltrated 10 GB of data from the company. Another memo sent to the employees specifically refers a “ransomware incident” and revealed that Canon has hired a cyber forensics firm to investigate the intrusion.

Maze ransomware operators recently published internal data from LG and Xerox after the company did not pay the ransom.

As usual, the Maze ransomware operators threaten the victims to pay the ransom to avoid their data being leaked online. 

Maze ransomware operators have also breached the systems of the Xerox Corporation and stolen files before encrypting them.

In the past months Maze Ransomware gang breached the US chipmaker MaxLinear and Threadstone Advisors LLP, a US corporate advisory firm specialising in mergers ‘n’ acquisitions.

Maze operators were very active during the past months, they have also stolen data from US military contractor Westech and the ST Engineering group, and they have released credit card data stolen from the Bank of Costa Rica (BCR) threatening to leak other lots every week.

Previous victims of the ransomware gang include IT services firms Cognizant and Conduent.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Maze ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]