What just happened? Another large company has apparently been hit with a ransomware attack. Following a similar incident aimed at wearables maker Garmin, Japanese tech giant Canon is reportedly suffering at the hands of hackers who have brought down systems and stolen data.
Last month's attack on Garmin forced it to close call centers, websites, and some other online services. It eventually had to pay a million-dollar ransom via ransomware negotiation business Arete IR to recover its encrypted data.
Bleeping Computer reports that Canon has also been targeted by ransomware. The attack has impacted a number of its services, including the company's US website, which still shows an "undergoing maintenance" message, as well as its email, Microsoft Teams, and dozens of its domains.
The publication obtained an internal email from Canon IT advising that the company is experiencing widespread system issues. It also published a partial screenshot of the alleged ransom note that identifies the ransomware as Maze.
The ransomware operators said they stole "10 terabytes of data, private databases etc." Maze spreads through a network and exfiltrates files before encrypting everything, making its effects potentially worse than the WastedLocker ransomware used in the Garmin attack, which is encryption-only.
If Canon does not pay the ransom, Maze will publish the stolen data on leak sites. The company says it is "currently investigating the situation."
Maze has been used in previous attacks on LG, Xerox, the Florida city of Pensacola, and many more. Back in March, the operators behind the ransomware promised not to target medical organizations during the Covid-19 pandemic. But the group published details of thousands of former patients' from Hammersmith Medicines Research (HMR)—a company that performs early clinical trials of drugs and vaccines—days after the pledge because HMR had refused to pay a ransom.