Canon is the latest to be hit by a possible ransomware attack

After Garmin reportedly paid millions to get its systems online, Canon might also be victim to a ransomware attack, according to Bleeping Computer. More than 20 Canon domains, including its main US site, are affected or down, and attackers may have stolen up to 10TB of data.

Canon hasn’t confirmed the ransomware attempt, saying in a statement that it’s “currently investigating the situation.” However, in a leaked email to employees, the company’s IT department said that it was experiencing a “wide spread system issues affecting multiple applications, [so] Teams, email, and other systems may not be available at this time.”

Its systems were reportedly seized by Maze, a group that exfiltrates data before encrypting and locking off systems. Bleeping Computer obtained a partial screenshot of the purported ransom note sent to Canon, and said that Maze confirmed that it had stolen “10 terabytes of data, private databases, etc.” as part of the attack. By combining data theft with ransomware, Maze can attempt to blackmail companies that may have full system backups.

Canon’s image.canon cloud photo storage site was also affected, though apparently not by the same problem. On the site’s home page, Canon says that “some of the photo and video image files saved in the 10GB long-term storage prior to June 16, 2020 9:00 AM (JST) were lost.” It added that “there was no leak of image data” and said that it was able to restore functionality as of August 4th. Maze reportedly confirmed to Bleeping Computer that the photo site wasn’t part of the attack, though of course one can’t take criminals at their word.