Canon released a minor firmare update for the Canon EOS R5 and Canon EOS R6.…
Canon has been attacked by the Maze ransomware group. Many Canon sites are affected.
As BleepingComputer reports, numerous Canon services have been affected, including Canon’s email, Microsoft Teams, the Canon USA website, and other internal applications. These Canon related domains have been affected:
www.canonusa.com www.canonbroadcast.com b2cweb.usa.canon.com canondv.com canobeam.com canoneos.com bjc8200.com canonhdec.com bjc8500.com usa.canon.com imagerunner.com multispot.com canoncamerashop.com canoncctv.com canonhelp.com bjc-8500.com canonbroadcast.com imageland.net consumer.usa.canon.com bjc-8200.com bjc3000.com downloadlibrary.usa.canon.com www.cusa.canon.com www.canondv.com
BleepingComputer was able to obtain a partial screenshot of the ransom note:
Reports BleepingComputer about Maze and the attack against Canon:
After contacting the ransomware operators, BleepingComputer was told by Maze that their attack was conducted this morning when they stole “10 terabytes of data, private databases etc” as part of the attack on Canon […]
Maze is an enterprise-targeting human-operated ransomware that compromises and stealthily spreads laterally through a network until it gains access to an administrator account and the system’s Windows domain controller.
During this process, Maze will steal unencrypted files from servers and backups and upload them to the threat actor’s servers.
Once they have harvested the network of anything of value and gain access to a Windows domain controller, Maze will deploy the ransomware throughout the network to encrypt all of the devices.
If a victim does not pay the ransom, Maze will publicly distribute the victim’s stolen files on a data leak site that they have created.
Maze has claimed responsibility for other high-profile victims in the past, including LG, Xerox, Conduent, MaxLinear, Cognizant, Chubb, VT San Antonio Aerospace, the City of Pensacola, Florida, and more.
The Canon USA site is still down. It seems this attack is not related to the image.canon outage of a few days ago. Canon released a statement to BleepingComputer, saying they are “currently investigating the situation.”