Canon Hit by Human-Operated Ransomware Attack

The major outage that hit Canon earlier this week has been confirmed as a ransomware attack in an internal memo, which could have resulted in data being stolen.

Several of the Japanese-owned optical electronics company’s websites suffered downtime, including the US website, which displayed a message claiming that it was “under maintenance”. Maze – a sophisticated strain of malware known as human-operated ransomware – have claimed responsibility for the attack. Additionally, they claim to have stolen 10TB of data, including private databases, but have yet to provide any information regarding the amount of devices encrypted or the ransom amount, nor have they provided any proof that the data is in their hands. Canon has released a statement advising that they are “currently investigating the situation”

Maze generally target businesses, and the group’s modus operandi is to threaten to release sensitive or personal information if the ransom is not paid; this form of ransomware is also known as doxware. While this might sound like an empty threat, only this week Maze published tens of GB of data that they claimed was obtained from LG and Xerox.

Human-operated ransomware attacks pose a growing threat to businesses across the world. These attacks work in exactly the same way as traditional ransomware does; the host is infected, data is encrypted, and a ransom is demanded in return for a decryption key, or the promise not to leak private data. Examples of these auto-spreading strains of ransomware include WannaCry and NotPetya. But human-operated ransomware attacks are carried out, as the name suggests, by humans. These cybercriminals often exhibit extensive knowledge of network security vulnerabilities, and the methods they deploy have been compared by Microsoft to state actors.

FireEye have estimated that human-operated ransomware attacks have increased by 860% since 2017, and it’s highly likely that this trend will continue.  

Human-operated ransomware