Canon, the multinational camera company, was hit with ransomware. For 6 days, from July 30th to August 4th, its website image.canon, a service for uploading and storing photos through Canon’s mobile applications, was down. Canon made a statement on August 4th saying that no image data had been leaked, nor had the thumbnails of photos stored on its cloud service.
Brett Callow confirmed that the well-known Maze ransomware gang was behind the attack. Callow stated, “…Canon does state that some photos and videos were lost, so it seems likely that Maze did have access to that area of the network.”
According to BleepingComputer, Maze ransomware was able to steal almost 10 TB of photos, files, and other data. Multiple site applications were affected by the attack, including internal applications, email servers, Microsoft Teams, and the USA website.
James McQuiggan, a Security Awareness Advocate at KnowBe4, said, “While it’s not been entirely evident, this attack is not one that happened quickly. Cybercriminals would have been inside the infrastructure and systems for some time, not hours, but most likely days, to access this many domains of the organization.”
“Ransomware continues to be the favorite attack vector of cybercriminals,” McQuiggan says. “They gain access to organizations either through social engineering phishing attacks or through misconfigurations on unpatched systems found available on the internet.”
Maze ransomware works by first exploiting ordinary user accounts on the network and then spreading until it compromises the administrator account on the domain controller. Throughout this process, the ransomware exfiltrates data to its servers while encrypting files on the affected devices.
Maze uses the name-and-shame method, publishing data online if victims refuse to pay the ransom.
Within the last month, LG and Xerox were both attacked by Maze. Both companies refused to pay the ransom and had gigabytes of data published. Supposedly, Maze did not use ransomware on LG’s network. They were able to infiltrate LG and steal the information instead, according to ZDNET, and decided to withhold ransomware as LG clients were “socially significant”.
According to a recent study published by Emsisoft’s experts, there is a greater than 10% chance of having data stolen in a ransomware attack.
You might be wondering how your company can prepare against ransomware. There are a few bare-minimum things companies can do to be prepared for a ransomware attack.
- The first step is to back up your systems, locally and in the cloud. Cloud backups introduce redundancy and add an extra layer of protection.
- The next step is to segment network access. This limits the data attackers will have access to. You want to break down your network into zones, each requiring different credentials.
- Third, install early threat detection systems. Detect a potential attack before it happens by installing ransomware protection software. In addition, make sure to have a firewall in place to block unauthorized access to your computer or network.
- Fourth, install anti-malware/ransomware software. You want to make sure you have the most up-to-date antivirus protection.
- Last but not least, make sure to run your security scans frequently. It does you no good to have software on your system and not run scans.