Canon Suffers Ransomware Attack, With 10TB Of Data Stolen – Report

Canon is at the centre of reports of a security incident, namely that it has suffered a significant ransomware attack.

The attack has impacted numerous services, including Canon’s email, Microsoft Teams, USA website, and other internal applications, according to a report on BleepingComputer.

The attack comes after Garmin last week paid millions to Russian hackers for the decrypt key to its systems.

Ransomware attack

But Canon has so far not officially declared an incident, but BleepingComputer reported that it has been tracking a suspicious outage on Canon’s image.canon cloud photo and video storage service resulting in the loss of data for users of their free 10GB storage feature.

It also reported that the image.canon site suffered an outage on 30 July, and over six days, the site would show status updates until it went back in service on 4 August.

BleepingComputer said it had been contacted by a source, who shared an image of a company-wide notification titled “Message from IT Service Center” that was sent from Canon’s IT department.

This notification states that Canon is experiencing “wide spread system issues affecting multiple applications, Teams, Email, and other systems may not be available at this time.”

BleepingComputer reported that it obtained a partial screenshot of the alleged Canon ransom note, which it has been able to identify as from the Maze ransomware.

After contacting the ransomware operators, BleepingComputer was told by Maze that their attack stole “10 terabytes of data, private databases etc” as part of the attack on Canon.

Maze declined to share any further info about the attack including the ransom amount, proof of stolen data, and the amount of devices encrypted.

In a statement to BleepingComputer, Canon said it is “currently investigating the situation.”

GDPR breach

Security experts warned that it seems Canon is in the midst of dealing with the incident, and if the data theft is true, it could potentially be a breach of GDPR and it is not helping matters with its tardy confirmation.

“It has yet to be revealed how this ransomware attack took place – it would seem that Canon too is scrambling to understand what has happened and how it has happened,” noted Niamh Muldoon, senior director of trust and security at OneLogin.

“While they have made a clear statement that image files have not been lost, they have not clarified whether the image files have been accessed and/or modified,” said Muldoon. “As these files contain photos of real people, hackers can clearly identify a natural person. As such, the exposure of this sensitive information is likely in breach of GDPR.”

“If an investigation shows that Canon did not comply with the 72-hour notification requirement nor implement reasonable technical and organisational measures to reduce the risk of a breach such as two-factor authentication, they could be subject to substantial fines,” said Muldoon.

“In either case, this serves as a pertinent reminder for all organisations that the best defence is to adopt security monitoring tools to detect threats from manifesting in the first place,” Muldoon concluded.

“In the unfortunate case that they do, monitoring tools can provide insight into the root cause of the event which organisations can learn from to prevent future incidents,” he added. “What’s more, organisations should invest in building a robust Business Continuity Plan. That means having regular backups, version control and thorough testing of disaster recovery procedures.”

Defend yourself

Meanwhile other expert warned that ransomware attacks are ongoing and firms have to implement appropriate counter measures as a priority.

“This suspected ransomware attack is indicative of one thing – the proliferation of these types of attacks shows no signs of abating,” said Carl Wearn, gead of e-crime at Mimecast.

“As long as organisations continue to pay, cybercriminals will continue to view it as a financially lucrative activity which creates even further motivation for attacks,” said Wearn. “The severe downtime that could arise as a result of these types of attacks, which our research shows is an average of 3 days, will not only potentially cost thousands in terms of data recovery and operational costs but can also lead to significant brand reputation damage that can have much more lasting impact.”

“Implementing strong resiliency measures should be the number one priority for all organisations in order to minimise the threats of ransomware attacks and ensure that business operations can proceed as normal should the worst happen,” said Wearn.

“Ransomware is often a secondary infection, and threat actors are looking to exploit known vulnerabilities, particularly in relation to RDP, and servers and applications key to working from home,” he said.

“Key to mitigating this is ensuring vulnerabilities are patched in a timely fashion and that network data logs are monitored to detect any unusual activity or data exfiltration,” Wearn concluded. “There is therefore a potential window of opportunity to remediate any primary infection and thereby stop it developing into a ransomware attack.”

Do you know all about security? Try our quiz!