Last week the image.canon website from Canon USA suffered a service outage, fueling speculation that a ransomware attack had occurred. Although it is still not clear whether the website outage was related, it has since been confirmed that a ransomware attack did occur. The operators behind Maze claimed responsibility for the attack, telling BleepingComputer that they had stolen over 10TB worth of data from the company. Since then, the company has admitted the attack to employees internally and has begun recovering systems quickly. When victims of a ransomware attack refuse to pay, many ransomware operators like Maze now publish or sell the stolen data in some form. Maze has recently updated their website to add “5%” of the stolen data in a zip file containing marketing material, videos and files relating to Canon’s website.
Dealing with ransomware has become extremely tricky due to the trend of data theft before encryption. Binary Defense strongly recommends never paying the ransom demands and instead restoring files from backups. When planning for backups, it is important not only to make backups at regular intervals but also to follow the 3-2-1 rule: have at least three copies of your data, store the copies on at least two different devices, and keep at least one copy offsite. Preventing attackers from stealing data requires continuous monitoring of systems to recognize attacks in the early stages, investigation to understand the scope of the intrusion, and quick action to cut off the attackers’ access.