Camera maker Canon hit by Maze ransomware, website down

Malicious actors behind Maze ransomware claim the next victim: prominent camera and lens developer Canon

Canon website was down for days, although it is attributed to technical difficulties by the company

In the world of science, communication, and the highest level of technology, even the most high-profile companies remain vulnerable to a malware attack – not even the most expensive antivirus neither their best IT specialists can protect them.

This time, Canon has got a painful lesson as Maze ransomware^[1] took the credits for one more successful attack. Previously, the prolific cybercriminal gang targeted IT giant Cognizant,^[2] Pitney Bowes, and the Costa Rica bank^[3] – all fell victims to Maze. Judging by an internal memo, the camera maker is now working with a third-party security firm to investigate the cyberattack.^[4]

The USA Canon website has been down for a few days stating:

Our heads aren’t in the clouds. We’re just busy improving our corporate site.

The image.canon site has been down since July 30 – it is used by device users who upload photos to the Canon site via mobile apps.

Unfortunately, it was not only about improving but also finding a way to solve the unexpected. Canon has admitted the some of the files uploaded to the site “might have been lost,” however, it has also assured the photos of their clients have remained safe, and there is no need to worry about them.

<…> there was no leak of image data.

Maze ransomware attack and lost data might not be related to each other

Image.canon website has been down for almost a week, showing different errors for its users and making them suspect something has gotten really wrong. The beloved service of photo uploading and storage through Canon mobile apps has experienced problems too. Canon from its side has confirmed some data uploaded prior to the 16th June might be lost, but is still “under investigation.” IT issues, including apps, Microsoft Teams, email, and the website itself was believed to be under attack, though the actors of Maze ransomware have claimed the website issues have been an accidental coincidence and have nothing to do with their actions.

Ransomware operators have also claimed they have taken over 10TB of user information, which is yet to be confirmed. The gang is not about jokes and have proven their serious intentions just a few days ago when many gigabytes of data from LG and Xerox companies have been widely published. The companies have refused to pay the ransom once they were hit some time ago.

Website is still experiencing difficulties

Yesterday, the 10th of August was still not the best day in Canon as their USA website was still showing to be unavailable and inviting to visit Canon Canada for drivers or software issues.

The Canon Europe is working fine and has not reported any suspicious activity to the date. Different sources claim that Canon USA has officially informed its employees of the ransomware problem and is most likely to hire a third party company to evaluate the situation before taking the final actions regarding this cyberattack.^[5] The story might evolve differently anytime and the outcomes hopefully will not be too painful for regular users of Canon USA.