Threat operators of renowned ransomware group Maze have claimed responsibility for a targeted ransomware attack on multinational corporation Canon Inc. that was appears to have been identified in internal memorandums.

According to a report published by online help site Bleeping Computer, a six-day outage was recorded on the Japanese company’s website, starting on July 30. The disruption to the site, which enables users to upload and store photos via Canon’s mobile applications, resulted in raised suspicions that a potential cyberattack could have occurred.

Private user data lost

Services available from the site have now resumed, however, within one of its most recent status updates, Canon disclosed that an issue that involved 10 gigabytes worth of data storage was now under investigation. It added that the issue had also led to a temporary suspension of the online platform, as well as the mobile applications related to it.

Canon’s statement regarding the issue informed users that no leak had occurred involving image data, but admitted that some image and photographic files that had been saved before June 16 were lost in the incident.

The company explained:

“Currently, the still image thumbnails of these lost image files can be viewed but not downloaded or transferred. If a user tries to download or transfer a still image thumbnail file, an error may be received.”

While this admission alone may suggest the cause of the issue was a server-side technical fault, at the same time, an internal memo from Canon warned personnel of an IT issue that was “company-wide”. A second memo also suggested a ransom attack had occurred.

Maze attempts to take credit for attack

IT security experts believe Maze is responsible for the attack, due to threat operators from the group claiming they had launched a successful assault on Canon, in which 10 terabytes of data were stolen. While Maze operators boasted of their attack, they denied involvement in the issues that led to downtime for the site.

The fact that the Canon site’s outage and reported ransom attack by the Maze Group occurred simultaneously may be coincidental, however, a third-party company specialising in cyber forensics has now been hired to investigate.

The type of ransomware deployed by Maze threat operators is typically used to target enterprise companies. The insidious malware actively encrypts networks and data stores, before displaying a ransom note demanding funds for the safe return of systems and sensitive information. The sums demanded can be thousands of dollars, and are often requested in cryptocurrency, which is far harder for law enforcement agencies to trace.

Maze’s method of attack is to infiltrate networks before exfiltrating confidential corporate data. They then threaten enterprises with the release of sensitive information on sites and forums on the Dark Web – unless payment is actioned.

These threats by the infamous ransomware group are not empty. Following recent attacks on Xerox and LG, Maze released gigabytes of private data files online when the companies refused to answer the group’s demands.