Canon hacked: servers are down, information is stolen, hackers demand money
According to the Internet publication BleepingComputer, Canon’s online services have undergone a powerful hacker attack. Currently, more than two dozen American sites of the manufacturer of photo and video equipment, as well as mail services, internal corporate platforms, and many other applications, are not working. In addition, according to the source, the hackers allegedly stole 10 TB of data, including personal information.
The source reports that the attack allegedly began on July 30, from the image. canon site (Canon’s cloud service that allows you to store photos and videos), when problems began to be observed in its work, and then it completely shut down. The service was unavailable for several days. Canon launched it again on July 4th. However, nothing was reported on the main page of the site about the hacker attack. In addition, the message indicates that there were problems with access to 10 GB of archived information saved before June 16, as a result of which this data was lost. At the same time, Canon assures that no data leaks have occurred. In general, they solved all the problems.
BleepingComputer decided to dig deeper and found out that problems were (and still are) not only with the cloud service Canon. Several dozen other online resources of the company were under attack. The journalists received an image of a message from the Canon service department, which indicates massive system problems in the work of many platforms, as well as problems with access to various resources, including mail and a channel for communication on the Microsoft Teams platform.
The check showed that at the moment none of the more than 20 sites of the company presented below are working. At the entrance to them, the user is greeted by a “stub”, indicating that the resource is under maintenance.
It was later revealed that the attack was carried out by the Maze hacker group behind the creation of the Maze Ransomware ransomware virus. The journalists managed to reach out to its representatives. They denied the information that the initial attack on the site image.canon was carried out by them, however, they confirmed that more than 20 different Canon services were behind the hack. The resource was able to get at its disposal part of the screenshot with a message from hackers to Canon, in which they indicate that they have gained access to “10TB of data, private databases and other information” stored on the servers of Canon online services. The hackers refused to confirm their words in any way.
In their message, the Maze hackers also report that they encrypted the stolen data and its backups. Canon will only be able to access the decryptor and data access if it decides to pay for it. In addition, after payment, hackers undertake to delete all data from their media. The details of the deal were not disclosed, but the attackers are ready to provide them through their own site on the darknet. Apparently, below in the message, there is an instruction on how to do this, but the screenshot further breaks off. If Canon does not agree to the proposed terms, Maze threatens to publish all of the company’s data publicly on its website.
Resource BleepingComputer asked for comments in the Canon, but there is still silence. According to the source, many companies, including LG, Xerox, Conduent, MaxLinear, Cognizant, Chubb, VT San Antonio Aerospace, and others, have previously become victims of the Maze hackers and their ransomware Maze Ransomware.
