Canon has been hit with a ransomware attack that has seen 10 terabytes of data stolen and the hackers demanding a ransom for its return, according to a new report.
BleepingComputer has reported the camera giant has been targeted by the Maze ransomware, with the hackers threatening to publicly release the leaked data unless contact is made within three days and an unidentified sum of money is paid.
The ransomware has reportedly impacted a number of Canon’s internal services, including its email, Microsoft Teams, and other apps.
It comes after Canon’s new cloud storage platform suffered a near-week-long outage which saw the loss of some data from users on its 10GB storage plan. This was unrelated to the ransomware attack, according to BleepingComputer.
A spokesperson for Canon has said the company is “currently investigating the situation”.
The Maze hackers told the publication they had used the ransomware to steal “10 terabytes of data, private databases etc”.
“We hacked your network and now all your files, documents, photos, databases and other important data are safely encrypted with reliable algorithms,” the Maze ransom note said. “You cannot access the files right now. But do not worry. You can get it back! It is easy to recover in a few steps.
“We have also downloaded a lot of private data from your network, so in case of not contacting us as soon as possible this data will be released. If you do not contact us in three days we will post information about your breach on our public news website and after seven days the whole download info.”
The Maze ransomware targets businesses and spreads laterally through a network after compromising it, until it gets into an administrator account. It steals unencrypted files along the way and backs them up to its own servers.
Once this is done, the ransomware encrypts all the infected devices and demands a ransom for them to be decrypted.
Further Canon user data was lost after its new cloud storage platform experienced issues commencing 30 July.
“We identified that some of the photo and video image files saved in the 10GB long-term storage prior to June 16, 2020, 9:00am (JST) were lost,” Canon said in an update. “We confirmed that the still image thumbnails of the affected files were not affected, and there was no leak of image data.
“Currently, the still image thumbnails of these lost image files can be viewed but not downloaded or transferred. If a user tries to download or transfer a still image thumbnail file an error message may be received. We are currently exploring technical counter-measures.”
It appears that this outage and data loss are unrelated to the ongoing ransomware attack.
It’s unclear how much the ransom is and whether Canon will pay the hacking organisation.
Paying ransomware
Chat logs between a US travel management firm and the Ragnar Locker ransomware operators revealed this week how this could play out, with the conversation closely resembling a business transaction, as Reuters journalist Jack Stubbs tweeted.
The travel company agreed to pay $US4.5 million in bitcoin to the hackers after haggling and negotiations, with the hacker even providing some advice to avoid this happening again in the future.
In the chat, done through the hacker’s support form, a $10 million ransom was initially demanded, before the travel company representative requested the “very SPECIAL PRICE” that had initially been offered for contact within two days.
While saying the initial price was “probably much cheaper than lawsuits expenses” and “reputation loss caused by leakage”, the hacker eventually agreed to the lower amount after the company representative opened up.
“I completely understand that this is a business for you, but right now I’m tasked with trying to keep our business afloat,” the travel company rep said.
“In all honesty, $8 million puts us in a spot where we would need to double current revenue to keep our doors afloat.
“We were willing to get you $3.7M potentially today if we could have found common ground. I don’t mean to belittle you and your team’s work here, I’m just trying to help prevent further layoffs on our side.”
Due to this “business spirit”, the hackers agreed to a further discount and offered some security recommendations after the ransom was paid.
“It’s a pleasure to work with professionals,” they said.
There have been a series of high-profile ransomware attacks recently, with many large Australian companies impacted.
Earlier this year Toll was hit with one of the largest ransomware takedowns ever seen in Australia, with its IT systems taken down and the firm resorting to manual processing for a number of weeks. The company was infected with a strain of the Mailto ransomware and refused to pay the ransom.
Travelex was also hit with a ransomware attack late last year, and was forced to operate manually for weeks. The hackers demanded a ransom of more than $8.5 million to decrypt the 5GB of stolen data.
Last month tech company Garmin was hit with a likely ransomware attack too, with many of its services taken offline.