A nasty group that has hit even a US nuclear missile contractor has just disrupted the global technology innovator’s operations
Technology giant Canon has been hit by Maze ransomware, suffering an outage impacting users of the image.canon photo storage site. There are unconfirmed reports that the ransomware attack involved the theft of 10TBs of data across multiple services.
A report lists a total of 24 Canon domains that appear to have been impacted, including canonhelp.com, which showed an internal server error message when accessed. Canon had apparently issued a company-wide notification from the IT Service Center informing employees that there are “widespread system issues” affecting applications and emails—amongst other corporate services.
According to John Shier, Senior Security Advisor, Sophos, the ransomware attack on Canon is yet another example of the Maze gang’s sustained and brazen targeting of enterprises. “Following other recent high-profile attacks, this latest salvo should be a wake-up call to all the enterprises that have not (reassessed) their security posture and bolstered their defenses against these pernicious adversaries.”
A Maze hiding in plain sight
Shier said that many of these attacks start by exploiting external services or via simple phishing campaigns. The successful campaigns will often be followed by living-off-the-land techniques, abusing over-privileged and under-protected accounts, and hiding in plain sight. “Enterprises must take the time to ensure they’ve built a strong security foundation (e.g. principle of least privilege, multi-factor authentication everywhere, patching, user training, etc.), which includes investment in both prevention and detection technologies today if they don’t want to be a victim tomorrow.”
SophosLabs has studied the Maze group—notoriously known for double extortion threats:
- Pay up to get the decryption key to recover your precious files that have been scrambled
- Pay to stop us releasing your precious data that could harm your business