A server room — but not Canon's

Canon can't catch a break. According to a report from BleepingComputer, Canon has been hit by a ransomware attack that’s resulted in more than 10TB (yes, terabytes) of data being taken from Canon servers.

In a detailed report, BleepingComputer says known ransomware group ‘Maze’ has taken credit for the attack, which has affected nearly every facet of the company, both internal and consumer-facing. BleepingComputer also reports Canon’s IT department has sent out a company-wide message that reads:

'Message from IT Service Center

Attention: Canon USA is experiencing widesrpead system issues, affecting multiple applications, Teams, Email and other systems may not be available at this time. We apologize for the inconvenience — a status update will be provided as soon as possible.'

A number of the below domains from Canon show this error when attempting to visit.

At this time, the following domains of Canon are being affected:

  • www.canonusa.com
  • www.canonbroadcast.com
  • b2cweb.usa.canon.com
  • canondv.com
  • canobeam.com
  • canoneos.com
  • bjc8200.com
  • canonhdec.com
  • bjc8500.com
  • usa.canon.com
  • imagerunner.com
  • multispot.com
  • canoncamerashop.com
  • canoncctv.com
  • canonhelp.com
  • bjc-8500.com
  • canonbroadcast.com
  • imageland.net
  • consumer.usa.canon.com
  • bjc-8200.com
  • bjc3000.com
  • downloadlibrary.usa.canon.com
  • www.cusa.canon.com
  • www.canondv.com

BleepingComputer also shared a partial screenshot it claims is ‘the alleged Canon ransom note.’ Maze, the ransomware operators claiming to be behind the attack, says it stole 10TB of data, private databases and more, but failed to provide any information on how much of a ransom it’s asking and proof of what was taken.

The recent issues with Canon’s cloud-based media platform, image.canon, are unrelated to this ransomware attack, according to Maze.

BleepingComputer describes Maze as ‘an enterprise-targeting human-operated ransomware that compromises and stealthily spreads laterally through a network until it gains access to an administrator account and the system’s Windows domain controller.’ Maze is behind ransomware attacks on numerous other enterprises, such as LG, Xerox and more.

We contacted Canon for more information on the matter, to which Canon’s PR team replied ‘We are currently investigating the situation.’

We were also sent the following screenshot, which is allegedly an internal email sent out by Canon's 'Crisis Management Committee:

We will continue to follow-up on this story and provide updates as they become available.