A little under 10 terabytes of pictures, videos and other data have been accessed and stolen by the Maze group
Canon, the multinational corporation specialising in optical and imaging products, was recently the target of a ransomware attack that was launched by the Maze Group against its email, storage service, and its US website on July 30.
The group threatened to leak the pictures as well as the data if the company did not pay the crypto ransom.
During the hack, the image.canon site was inaccessible for six days before it went back into service on Tuesday.
On the same day, Canon released a statement regarding the attack, clarifying that there had been no leak of image data nor thumbnails of the photos that were stored in the cloud service.
A day later, the computer help site BleepingComputer confirmed that the ransomware gang had indeed managed to steal over 10 terabytes of pictures, videos, and other data. The article also showed a notification that was sent by Canon’s IT department through their company-wide network, confirming that “widespread system issues” had affected several applications.
In a strange turn of events, Maze said that its attack was not the reason behind the Canon website’s six-day outage.
Brett Callow, a threat analyst at malware lab Emsisoft, confirmed that Maze likely had access to customers’ files.
“Whether that includes customers’ photos and videos that were stored in Canon’s long-term storage is impossible to say. Canon does state that some photos and videos were lost, so it seems likely that Maze did have access to that area of the network.”
Callow noted that while ransomware used to primarily affect smaller businesses, larger companies have also been falling victim to the attacks with increasing frequency.
Aside from Canon, an independent advisory firm based in the US that specialises in consumer and retail sectors also fell victim to the Maze Group. The firm is responsible for a number of high profile clients, such as the former Spice Girl, Victoria Beckham.
Maze is a sophisticated strain of Windows ransomware that demands cryptocurrency payment in exchange for the safe recovery of encrypted data. It is capable of spreading across a corporate network, infecting computers it comes across and encrypting data so that it cannot be accessed.
It also steals the data it finds and sends it to servers controlled by hackers, who will threaten to release the data if the ransom is not paid.