Canon data leaked online after company refuses to negotiate with ransomware attackers

(Image credit: Canon)

Data belonging to camera manufacturer Canon has been published online after the firm fell victim to a ransomware attack last week, which took a number of its systems offline.

The attackers, known as Maze, originally gave the company seven days in which to respond to demands, but the release of Canon data online suggests the firm is unwilling to pay the ransom fee.

Maze has so far published 2.2GB of stolen data, which it claims accounts for 5% of the total archive, in what appears to be a warning shot designed to lure Canon to the negotiating table.

The leaked data is said to contain marketing materials, but no personal or financial information - although it is possible the attackers may be withholding the most sensitive data to use as leverage.

Canon ransomware

Ransomware attacks have grown in frequency in recent years and have the potential to cause significant disruption, as highlighted by the recent assault on fitness giant Garmin

In the case of Canon, the ransomware attack disabled the company’s email services, US website and various internal applications. The website initially served a message that suggested routine maintenance was taking place, but the firm later confirmed ransomware was responsible for the outage. 

“Canon U.S.A., Inc. and its subsidiaries understand the importance of maintaining the operational integrity and security of our systems. Access to some Canon systems is currently unavailable as a result of a ransomware security incident we recently discovered,” read an internal message delivered to staff.

“We immediately implemented our response protocols and began an investigation. Cybersecurity experts who have worked with other companies that have had similar issues have been engaged. We are working quickly to address the issue and to restore operations.”

Maze ransomware has previously been used to encrypt and steal the data of high-profile organizations such as LG, Xerox, Cognizant and more.

In many instances, Maze operators also lift a significant amount of data. This ensures the victim cannot restore its systems via a simple backup and must engage with the attackers, for fear of the financial repercussions attached to a data breach.

It is unclear whether Canon has refused to pay the ransom outright or whether the company’s delay pushed Maze into action. It is also unclear how much the operators are demanding for the safe return of the data.

Canon told TechRadar Pro it was unable to comment on whether the ransom will be paid.

Via BleepingComputer

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.