Maze ransomware gang leaked Canon USA’s stolen files

Maze ransomware operators have leaked online the unencrypted files allegedly stolen from Canon during a recent ransomware attack.

According to an internal memo obtained by ZDNet last week, the recent outage suffered by Canon was caused by a ransomware attack, at the same time Maze ransomware operators were taking the credit for the incident.

The memo also reveals that the company has hired an external security firm to investigate the incident.

The problem was first reported by Bleepingcomputer, which tracked a suspicious outage on Canon’s image.canon cloud photo and video storage service. According to the media outlet, the incident resulted in the loss of data for users of their free 10GB storage feature.

The image.canon site suffered an outage on July 30th, 2020, that lasted for six days, until August 4th.

At the time the company only confirmed an internal investigation on a problem related to “10GB of data storage.”

According to Canon, some of the photo and image files saved prior to June 16 were “lost,” but it pointed out that they were not exposed in a data leak.

Now the Maze ransomware operators have published unencrypted files allegedly stolen the Canon during the ransomware attack.

BleepingComputer obtained from its source a portion of the ransom note and an internal notification that Canon sent to its employees.

BleepingComputer has obtained additional unpublished internal documents sent by the Canon IT department on August 10th to the employees about the restoration of services.

“We are only sharing a portion of the email below, as we do not want to reveal the company’s internal systems.” reads the post from BleepingComputer.

Maze ransomware operators have started to publish data stolen from the company on its data leak site.The gang has published a 2.2 GB archive called “STRATEGICPLANNINGpart62.zip” that attackers claim contain around 5% of the total amount of documents stolen during the attack,

The archive contains files related to Canon’s website and marketing materials, according to BleepingComputer’s source it do not appear to contain any financial information, employee information, or other sensitive data.

Maze ransomware operators recently published internal data from LG and Xerox after the company did not pay the ransom.

As usual, the Maze ransomware operators threaten the victims to pay the ransom to avoid their data being leaked online. 

Maze ransomware operators have also breached the systems of the Xerox Corporation and stolen files before encrypting them.

In the past months Maze Ransomware gang breached the US chipmaker MaxLinear and Threadstone Advisors LLP, a US corporate advisory firm specialising in mergers ‘n’ acquisitions.

Maze operators were very active during the past months, they have also stolen data from US military contractor Westech and the ST Engineering group, and they have released credit card data stolen from the Bank of Costa Rica (BCR) threatening to leak other lots every week.

Previous victims of the ransomware gang include IT services firms Cognizant and Conduent.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Maze ransomware operators)

[adrotate banner=”5″]

[adrotate banner=”13″]