A day-long breakdown at camera and printer manufacturer Canon may be the result of a ransomware attack.
In addition, 10 TB of data would have been stolen. Mail, internal applications and the American website were unavailable for a few days.
Canon’s cloud storage service image.canon has been out of reach in recent days. The service offers photographers 10 GB of free storage for their photos, but was shut down due to a power outage on July 30 and didn’t come back online until August 4.
In the official announcement after that breakdown, Canon reports that it turned off the service to conduct an investigation and that some documents uploaded before June 16 may be lost. The site also says that no images were ‘leaked’.
Tech site BleepingComputer now writes, based on messages sent to employees, that the company suffered a cyber attack. In addition, a variety of internal systems would be blocked, including Microsoft Teams, email and the backend of the US website.
The site also claims to have received part of the ransom note, which must indicate that it is Maze ransomware. The people behind the Maze malware tell the site that they stole ten terabytes of data in the attack.
Maze, like WastedLocker that supposedly attacked Garmin last month, is a ransomware that targets explicitly large companies. The malware secretly tries to spread through a network to access an admin account and the network’s Windows domain controller.
Once enough data has been stolen, ransomware that blocks the network is rolled out, and the company has to pay a ransom to get its systems back online.