The attack affected the company's storage and email services, Microsoft Teams, as well as the USA version of its website. "In order to conduct further investigation, we temporarily suspended both the mobile application and web browser service of image.canon", Canon reports.
Following the incident, Canon's IT service sent a company-wide notification indicating that it is experiencing "widespread system problems affecting multiple applications, computers, email, and other systems may not be available at this time". "Enterprises must take the time to ensure they've built a strong security foundation", he said.
Although Canon's statement on the other hand was that some of the images and videos have been lost, there has been no data leak. "If you do not contact us in three days we will post information about your breach on our public news website and after seven days the whole download info". It also added that as part of the outage, the Canon USA website would be unavailable.
In response to BleepingComputer, the hacking grouping behind the ransomware claimed that they have stolen "10 terabytes of data, private databases, etc." in the attack, but denied providing any specific proof.
Partial ransom note from Canon aggressors.
Hmmm. So according to Canon, there wasn't any "image data" leaked out here, despite also saying that "some of the photo and video image files" that were saved in its system were mysteriously lost.
After initially gaining a foothold in an infected network, the operators behind the Maze ransomware typically move through the infrastructure to gain access to a regular user account before moving up to a privileged account, says Matt Walmsley, a director at security firm Vectra. This seems to identify it as a "Maze ransomeware" attack, which involves encrypting the data and then threatening to release it into the public domain unless a ransom is paid.
"Following other recent high-profile attacks, this latest salvo from the Maze gang should be a wake-up call to all the enterprises that haven't taken the time to assess their security posture and bolster their defenses against these pernicious adversaries", John Shier, senior security advisor at cyber security solutions firm Sophos, has said.
BleepingComputer has investigated the case and found that 34 Canon domains have been attacked.
Watch this space for more updates, as this is a developing story!