Ransomware Hackers Attacked Canon
The manufacturer of photographic equipment, Canon, became a victim of ransomware hackers, whose attack affected the company's internal IT infrastructure, the official website in the United States and may have led to the theft of photos uploaded by users to the image.canon cloud service.
Bleeping Computer reported on the cyberattack. Its journalists have been following irregularities in the operation of image.canon since the end of July: the service, which allows users to store up to 10 GB of photos for free, at some point stopped working and began informing users of technical problems. As a result, some user photos were lost, although Canon said that "there was no leakage of image data."
On Wednesday, a source, apparently a Canon employee, sent reporters a screenshot of an internal message in which the IT department reported a "large-scale system failure" affecting several applications, the Microsoft Teams corporate chat, and email, which "may not be available at the moment."
Canon's official US website, usa.canon.com, shows a placeholder with the logo on every page (individual page addresses can be found, for example, through a Google search). The situation is similar for the company's official online store, although the placeholder there refers to ongoing work to improve the site. In total, the publication lists 24 domains belonging to Canon that were affected by the outage.
Journalists were also sent a screenshot of a message apparently displayed by the ransomware of the hacker group Maze. In it, the cybercriminals threaten to make information about the hack public and, if they do not receive a ransom within a week, to publish all the stolen information. A representative of Maze told the publication that ten terabytes of information and "confidential databases" were stolen during the cyberattack. At the same time, the hackers insist that the failure of image.canon has nothing to do with the attack.
In July, Garmin, the manufacturer of smartwatches, sports gadgets, and navigation solutions, fell victim to another group of cybercriminals. The company's services were down for several days because of an attack using malware that encrypts the contents of computers' hard drives and servers. According to media reports, the systems could be restored only by paying the hackers a multi-million-dollar ransom.
Recently, the Russian cybersecurity company Group-IB reported on the state of ransomware attacks. The number of such attacks in 2019 increased by 40% compared to the previous year, while the average ransom demand increased by an order of magnitude compared to 2018, from 8 to 84 thousand dollars. Municipalities, corporations, and medical institutions were among the victims of the attackers.
Group-IB believes that it is possible to resist such attacks by implementing the necessary precautions. These include connecting to servers over RDP only through a VPN, creating complex passwords for accounts used for RDP access and changing them regularly, and limiting the list of IP addresses from which external RDP connections can be initiated.
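The VPN-only and source-address precautions can be checked against a firewall rule export. The following is an added example, not part of the original article or Group-IB's guidance; the rule format, the rule names and the VPN pool `10.8.0.0/24` are constructed assumptions.

```python
import ipaddress

# Assumption: the VPN address pool; replace with your own. Not from the article.
VPN_POOLS = [ipaddress.ip_network("10.8.0.0/24")]
RDP_PORT = 3389

# Constructed sample of inbound allow rules (e.g. exported from a firewall).
SAMPLE_RULES = [
    {"name": "rdp-vpn", "port": "3389", "remote": ["10.8.0.0/25"]},
    {"name": "rdp-any", "port": "3389", "remote": ["Any"]},
    {"name": "rdp-office", "port": "3000-4000",
     "remote": ["10.8.0.17", "203.0.113.0/24"]},
    {"name": "https", "port": "443", "remote": ["Any"]},
]

def covers_rdp(port_spec):
    """True if a port spec such as '3389', '3000-4000' or 'Any' includes RDP."""
    if port_spec.lower() == "any":
        return True
    for part in port_spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= RDP_PORT <= int(hi or lo):
            return True
    return False

def outside_vpn(remote):
    """Return the remote entries that are not fully inside a VPN pool."""
    bad = []
    for entry in remote:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:  # 'Any', hostnames, malformed values
            bad.append(entry)
            continue
        if not any(net.version == p.version and net.subnet_of(p)
                   for p in VPN_POOLS):
            bad.append(entry)
    return bad

def audit(rules):
    """Map rule name -> offending sources for every rule that exposes RDP."""
    findings = {}
    for rule in rules:
        if covers_rdp(rule["port"]):
            bad = outside_vpn(rule["remote"])
            if bad:
                findings[rule["name"]] = bad
    return findings

if __name__ == "__main__":
    for name, sources in audit(SAMPLE_RULES).items():
        print(f"{name}: RDP reachable from {', '.join(sources)}")
```

Port ranges are checked as well as exact matches, because a broad range rule can expose RDP without ever naming port 3389.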