Ransomware Attacks Canon Email, Microsoft Teams Data: Report

Tip Sheet:
Tip Sheet: How to stop a ransomware attack against your MSP business

Canon has suffered a Maze ransomware attack that infiltrated the printer and digital camera company's corporate email, Microsoft Teams related data, Canon United States website and more, according to multiple reports. The company's U.S. website appears to be offline as of 3:30 p.m. ET on August 5, 2020.

The Canon maze ransomware attack may be related to issues that the company disclosed on its service, according to Bleeping Computer. Maze launched their attack on August 5 and  allegedly stole 10 terabytes of data, private databases and more, according to the report.

Canon has not publicly commented about the alleged attack, but Bleeping computer has published screen shots that allegedly involve:

  • An alert from Canon's IT department to employees.
  • The ransomware note from Maze hackers to Canon.
  • A list of Canon domains that may have been impacted by the attack.

Maze Ransomware Attacks: Security Perspectives

John Shier, Sophos

Multiple security software firms have been tracking Maze ransomware attacks. In a statement to MSSP Alert,  John Shier, senior security advisor, Sophos, noted:

“The ransomware attack on Canon is yet another example of the Maze gang's sustained and brazen targeting of enterprises. Following other recent high-profile attacks, this latest salvo should be a wake-up call to all the enterprises who haven't taken the time to assess their security posture and bolster their defenses against these pernicious adversaries.

Many of these attacks start by exploiting external services or simple phishing campaigns. The successful campaigns will often be followed by living-off-the-land techniques, abusing over-privileged and under-protected accounts, and hiding in plain sight.

Enterprises must take the time to ensure they've built a strong security foundation (e.g. principle of least privilege, MFA everywhere, patching, user training, etc.), which includes investment in both prevention and detection technologies today if they don't want to be a victim tomorrow.”

Recent Sophos insights about Maze ransomware include this piece about the Realities of Ransomware as extortion goes social, written by Shier.

Maze Ransomware Attacks IT Consulting Firms, MSPs

Multiple technology companies, IT consulting firms and managed IT service providers (MSPs) have suffered Maze ransomware attacks in recent months. Targets and victims have included:

  • Collabera, an IT staffing firm. Hackers used Maze to access Collabera employees’ names, addresses and other personal information and infect its systems during the cyberattack.
  • VT San Antonio AerospaceCybercriminals used Maze ransomware to illegally access VT’s network.
  • ConduentCybercriminals used Maze ransomware to steal data from Conduent and post it on the dark web.
  • CognizantCybercriminals used Maze ransomware to infiltrate Cognizant’s systems and infect some of its customers.

How MSPs Can Mitigate Ransomware Attack Risks: To safeguard your MSP business and clientele from ransomware attacks, follow this tip sheet.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.