Canon data leaked by Maze ransomware group

Some of the data that was stolen from the Canon ransomware attack last month has been released online, leading to speculation the Japanese multinational corporation refused to pay ransom.

We reported on 6 August that Canon had suffered a major ransomware attack, with up to 10TB of company data stolen. The camera maker also suffered widespread system outages as a result.

Read: Canon suffers ransomware attack, hackers threaten data dump if not paid

Canon’s email, Microsoft Teams, US website, and other internal applications were affected, according to a report by the tech website BleepingComputer. The company has been able to restore some services, including its US online page.

A hacking group behind the Maze malware claimed responsibility for the hack, telling BleepingComputer it stole “10 terabytes of data, private databases, etc” from Canon. The group threatened to dump the data online if the company refused to pay the ransom.

Ransomware attacks are growing in frequency and intensity. Just weeks before, Garmin had its operations crippled by Evil Corp, the hacking group behind malware tool WastedLocker. The fitness hardware and software company reportedly paid $10m to the hackers to get its data back.

Read: Update: Garmin yet to recover after ransomware attack

In a ransomware attack, hackers encrypt a company’s data and demand payment for the decryption key.  Such attacks usually emanate from simple phishing campaigns or exploiting external services.

Speaking to Gulf Business after the initial Canon attack, John Shier, senior security advisor at cybersecurity firm Sophos, described the hack on Canon as another example of Maze gang’s “sustained and brazen targeting of enterprises”.

“Following other recent high-profile attacks, this latest salvo should be a wake-up call to all the enterprises who haven’t taken the time to assess their security posture and bolster their defences against these pernicious adversaries,” he said.

Shier called upon enterprises to ensure they’ve built a strong security foundation that includes the principle of least privilege, multi-factor authentication (MFA) everywhere, patching and user training, among other measures.

“[These measures must include] investment in both prevention and detection technologies today if they don’t want to be a victim tomorrow,” he added.