After a massive data breach leaking 20 GB of Intel's confidential internal documents that have been shared on Twitter, Canon faces a much worse attack with 10 TB of files allegedly stolen for unknown ransom.
A lot of details are unclear about the incident as Canon has been cautious about the details they release in public. However, Gizmodo cited the earlier report by Bleeping Computer claiming that Maze ransomware has targeted the camera company.
Maze got hold of 10TB of Canon data
Meanwhile, ransomware operators Maze told BleepingComputer that they were able to get hold of 10 TB of data and private databases as part of the attack on Canon, no other details were provided, particularly any proof of stolen data, how much the ransom is, and the number of encrypted devices.
Maze operates ransomware attacks that compromise a system then spread until it gets access to the Windows domain controller and administrator account. The cyber attackers will then download unencrypted files from servers and backups and save them to their own servers.
Maze will deploy the ransomware throughout the network and it will threaten to distribute the stolen files unless the victim pays the ransom. This group of ransomware operators was responsible for other high-profile attacks to institutions like Xerox, LG, Conduent, Chubb, MaxLinear, Cognizant, VT San Antonio Aerospace, and the City of Pensacola, Florida.
Meanwhile, Canon told BleepingComputer that they are "currently investigating the situation."
Read also: Intel Hacked: 20GB of Data Including Secret Files Accessible Using Password 'Intel123' Leak Online
Lost images in cloud storage
A Bleeping Computer's unnamed source shared an image of a notification from Canon's IT department that was sent at about 6 a.m. on August 4. The message read that the company "is experiencing widespread system issues" that affected multiple systems and applications like Microsoft Teams, company emails, and image.canon where Canon users save their photos.
While it was initially first thought that the image.canon issue was related to the ransomware attack, Maze denied causing the outage.
The website was unavailable from June 30 while it only showed status updates until August 4 when it went live again. The website posted a company statement explaining why the site was down for six days.
According to the statement, the company detected an issue on July 30, which involved the user's 10GB storage. The mobile application and web browser services of image.canon were suspended while conducting further investigation.
Canon claimed "there was no leak of image data," although the company probe also found that some photo and video files before the morning of June 16 were lost.
Meanwhile, on Friday, August 7, Canon has issued another statement on apologizing for the recent issues in the cloud platform. The company explained that the "lost files" were caused by its recent update on its storage software that transpired on July 30.
Indeed, the company claimed it was due to an error in the code that led some images stored for over 30 days were missing. However, the company said it has identified and corrected the code that caused the error.
Ultimately, Canon said there was "no unauthorized access" to "image.canon" or any leaked images from the incident. Also, while still images can now be restored, lost videos are still being retrieved.