Canon hit with ransomware attack

Canon can't seem to catch a break lately.

The ransomware group, Maze has claimed responsibility for taking down CanonUSA as well as quite a few other of Canon USA's front facing websites.  They claim to have also stolen 10TB of data from Canon USA's servers.

The websites in question are;

• www.canonusa.com
• www.canonbroadcast.com
• b2cweb.usa.canon.com
• canondv.com
• canobeam.com
• canoneos.com
• bjc8200.com
• canonhdec.com
• bjc8500.com
• usa.canon.com
• imagerunner.com
• multispot.com
• canoncamerashop.com
• canoncctv.com
• canonhelp.com
• bjc-8500.com
• canonbroadcast.com
• imageland.net
• consumer.usa.canon.com
• bjc-8200.com
• bjc3000.com
• downloadlibrary.usa.canon.com
• www.cusa.canon.com
• www.canondv.com

This seems to have affected Canon USA only as Canon Global, and other sites are still up and running.

What Maze is and does is explained by BleepingComputer;

Maze is an enterprise-targeting human-operated ransomware that compromises and stealthily spreads laterally through a network until it gains access to an administrator account and the system's Windows domain controller.

During this process, Maze will steal unencrypted files from servers and backups and upload them to the threat actor's servers.

Once they have harvested the network of anything of value and gain access to a Windows domain controller, Maze will deploy the ransomware throughout the network to encrypt all of the devices.

Maze has stated that they have nothing to do with the image.canon outage that occurred last week and seems to be unrelated.

It's not clear if this attack has spread beyond Canon USA or into more of their global operations.

• BleepingComputers