Canon suffers ransomware attack, hackers threaten data dump if not paid

Canon’s email, Microsoft Teams, US website, and other internal applications are affected

Canon has suffered a major ransomware attack, two weeks after Garmin’s services were shut down by a similar attack.

Online tech news site BleepingComputer reports that 10TB of company data has also been stolen, with the camera maker suffering widespread system outages.

Canon’s email, Microsoft Teams, US website, and other internal applications are affected, the report says. The company’s US website currently says the site is “down for maintenance”, although its global and Japanese websites seem unaffected.

A partial screenshot obtained by BleepingComputer shows the alleged ransom note sent to Canon, identifying ‘Maze’ as the ransomware used in the attack.

Unlike other ransomware, such as the WastedLocker strain that targeted Garmin, Maze not only holds IT systems hostage but also exfiltrates data to gain more leverage over victims. The hacking group behind the Maze attack told BleepingComputer they stole “10 terabytes of data, private databases, etc” from Canon. The data could end up online if Canon refuses to pay the ransom.

John Shier, senior security advisor at cybersecurity firm Sophos, described the ransomware attack on Canon as another example of the Maze gang’s sustained and brazen targeting of enterprises. “Following other recent high-profile attacks, this latest salvo should be a wake-up call to all the enterprises who haven’t taken the time to assess their security posture and bolster their defences against these pernicious adversaries,” he said.

Many ransomware attacks start by exploiting external services or simple phishing campaigns.

“The successful campaigns will often be followed by living-off-the-land techniques, abusing over-privileged and under-protected accounts, and hiding in plain sight,” Shier warned.

Shier calls upon enterprises to ensure they’ve built a strong security foundation that includes the principle of least privilege, multi-factor authentication (MFA) everywhere, patching and user training, among other measures. “[These measures must include] investment in both prevention and detection technologies today if they don’t want to be a victim tomorrow,” he concluded.

© 2020 MOTIVATE MEDIA GROUP. ALL RIGHTS RESERVED.
