Camera giant Canon hit by Maze ransomware attack


Japanese camera giant Canon recently suffered a Maze ransomware attack that resulted in hackers stealing 10TB of company data and disrupted multiple applications, Microsoft Teams, email, and other systems.

Canon USA recently announced that it temporarily suspended both the mobile application and web browser service of after discovering that a portion of users’ still image and video image data stored in the cloud photo platform was lost.

The loss of users’ still image and video image data stored in a 10GB long-term storage database was discovered on 30th July. Even though the service was resumed on 4th August, Canon said that users will not be able to download or transfer still image thumbnails in the 10GB long-term storage.

“After the investigation, we identified that some of the photo and video image files saved in the 10GB long-term storage prior to June 16, 2020 9:00am (JST) were lost. We confirmed that the still image thumbnails of the affected files were not affected, and there was no leak of image data. After having resolved the issue that resulted in the loss of the photo and video image files, we resumed the service as of August 4, 2020,” the company said.

According to Bleeping Computer, while dealing with the outage, Canon also suffered a major ransomware attack carried out by hackers behind the Maze ransomware who successfully exfiltrated up to 10 terabytes of data stored in Canon’s private databases.

However, when contacted by the news site, the Maze hackers said they did not cause the outage affecting, indicating that the five-day outage was not caused by the ransomware attack. As of now, there is no information on when the ransomware attack took place, the nature of data accessed by hackers, or the ransom amount demanded by the hackers.

However, a message sent by Canon’s IT service centre to the company’s employees revealed that the company was experiencing “widespread system issues” affecting multiple applications, Teams, Email, and other internal systems. The cause of the system issues, however, was not revealed in the note.

Commenting on Maze ransomware operators claiming they successfully stole corporate data from Canon, Matt Walmsley, EMEA Director at Vectra, said Maze Group ransomware operators use “name and shame” tactics whereby victims’ data is exfiltrated prior to encryption and used to leverage ransomware payments. The bullying tactics used by such ransomware groups are making attacks even more expensive, and they are not going to stop any time soon, particularly within the current climate. These attackers will attempt to exploit, coerce, and capitalise on organisations’ valuable digital assets.

“Ransomware attackers tend to seek privileged entities associated to accounts, hosts and services due to the unrestricted access they can provide and to ease replication and propagation. Attackers will manoeuvre themselves through a network and make that step from a regular user account, to a privileged account which can allow them to deploy their tools and access all the data they need in order to finalise their ransomware attack and coerce their victims.

“Therefore, security teams need to be agile as time is their most precious resource in dealing with ransomware attacks. Early detection and response is key to gaining back control and stopping the attackers in their tracks before they can propagate across the organisation, stealing and denying access to data,” he added.

According to Sanjay Jagad, Sr. Director of Products and Solutions at Cloudian, traditional approaches to combating ransomware, such as anti-phishing training, firewalls and password software, often fall short, and encryption doesn’t work against ransomware because the attacker can simply re-encrypt the data to prevent access to its rightful owner. The only way for organisations to really safeguard themselves is to protect data at the storage layer.

“They can do so by leveraging WORM (Write Once Read Many) storage. WORM is the easiest and most effective method of mitigating ransomware attacks. With WORM, data is made immutable: once written, it cannot be changed or deleted for a specific period. This prevents malware from being able to encrypt the data and lock the victim out.

“In the event of a ransomware attack, organisations can restore an uninfected copy of the data by a simple recovery process. In the past you needed specialized storage devices to leverage WORM. However, select object storage systems now offer a new feature called Object Lock to provide WORM functionality within your enterprise storage system. With Object Lock, data is protected at the device level, rather than being dependent on an external layer for defense,” he added.

Copyright Lyonsdown Limited 2021
