{
	"id": "93ffbb60-437a-49ea-a6c0-17aca6ba4e6f",
	"created_at": "2026-04-06T00:11:43.324104Z",
	"updated_at": "2026-04-10T13:12:19.086518Z",
	"deleted_at": null,
	"sha1_hash": "ea3c9c9aa8a787c4a6434841e0f63036c5b5a3d8",
	"title": "Canon confirms ransomware attack in internal memo",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3746363,
	"plain_text": "Canon confirms ransomware attack in internal memo\r\nBy Lawrence Abrams\r\nPublished: 2020-08-06 · Archived: 2026-04-05 16:01:07 UTC\r\n08/06 update added below. This post was originally published on August 5th, 2020.\r\nCanon has suffered a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA\r\nwebsite, and other internal applications. In an internal alert sent to employees, Canon has disclosed the ransomware attack\r\nand is working to address the issue.\r\nBleepingComputer has been tracking a suspicious outage on Canon's image.canon cloud photo and video storage service\r\nresulting in the loss of data for users of their free 10GB storage feature.\r\nhttps://www.bleepingcomputer.com/news/security/canon-hit-by-maze-ransomware-attack-10tb-data-allegedly-stolen/\r\nThe image.canon site suffered an outage on July 30th, 2020, and over six days, the site would show status updates until it\r\nwent back in service yesterday, August 4th.\r\nHowever, the final status update was strange, as it mentions that while data was lost, \"there was no leak of image data.\" This\r\nled BleepingComputer to believe there was more to the story and that they suffered a cyberattack.\r\nImage.canon outage notice\r\nSource: BleepingComputer\r\nWhen we contacted Canon about this outage, they referred us to the notice on the image.canon site.\r\nIf you work at Canon or know someone working there with first-hand information on this incident, you can confidentially\r\ncontact us on Signal at +16469613731.\r\nCanon suffers ransomware attack\r\nToday, a source contacted BleepingComputer and shared an image of a company-wide notification titled \"Message from IT\r\nService Center\" that was sent at approximately 6 AM this morning from Canon's IT 
department.\r\nThis notification states that Canon is experiencing \"wide spread system issues affecting multiple applications, Teams, Email,\r\nand other systems may not be available at this time.\"\r\nNotice from Canon's IT department\r\nSource: BleepingComputer\r\nAs part of this outage, Canon USA's website is now displaying errors or page not found errors when visited.\r\nCanon USA website is down\r\nSource: BleepingComputer\r\nMultiple Canon domains appear to be affected by this outage.\r\nSince then, BleepingComputer has obtained a partial screenshot of the alleged Canon ransom note, which we have been able\r\nto identify as from the Maze ransomware.\r\nPartial Maze ransomware note\r\nSource: BleepingComputer\r\nMaze claims to have stolen 10TB of data from Canon\r\nAfter contacting the ransomware operators, BleepingComputer was told by Maze that their attack was conducted this\r\nmorning when they stole \"10 terabytes of data, private databases etc\" as part of the attack on Canon.\r\nMaze declined to share any further info about the attack, including the ransom amount, proof of stolen data, and the number\r\nof devices encrypted. 
\r\nWhile we first thought that the image.canon outage was related to the ransomware attack, Maze has told us that it was not\r\ncaused by them.\r\nMaze is an enterprise-targeting human-operated ransomware that compromises and stealthily spreads laterally through a\r\nnetwork until it gains access to an administrator account and the system's Windows domain controller.\r\nDuring this process, Maze will steal unencrypted files from servers and backups and upload them to the threat actor's\r\nservers.\r\nOnce they have harvested the network of anything of value and gained access to a Windows domain controller, Maze will\r\ndeploy the ransomware throughout the network to encrypt all of the devices.\r\nIf a victim does not pay the ransom, Maze will publicly distribute the victim's stolen files on a data leak site that they have\r\ncreated.\r\nMaze has claimed responsibility for attacks on other high-profile victims in the past, including LG, Xerox, Conduent, MaxLinear,\r\nCognizant, Chubb, VT San Antonio Aerospace, the City of Pensacola, Florida, and more.\r\nIn a statement to BleepingComputer, Canon says they are \"currently investigating the situation.\"\r\nCanon discloses ransomware attack to employees\r\nUpdate 08/06/20: BleepingComputer has obtained a screenshot of an internal message sent by Canon to employees that\r\ndiscloses the ransomware attack.\r\nThis message further states that they have hired an outside cybersecurity company to aid in their recovery.\r\n\"Canon U.S.A, Inc. and its subsidiaries understand the importance of maintaining the operational integrity and security of\r\nour systems. Access to some Canon systems is currently unavailable as a result of a ransomware incident we recently\r\ndiscovered. 
This is unrelated to the recent issue which affected image.canon.\"\r\nInternal notice sent to employees\r\nIn response to our query, Canon continues to state \"We are currently investigating the situation. Thank you.\"\r\nThis is a developing story and will be updated as more information is available.\r\nUpdate 8/5/20: Article updated to reflect that the image.canon outage was not related to the Maze ransomware attack.\r\nUpdate 8/6/20: Canon has internally notified their employees of the ransomware attack.\r\nSource: https://www.bleepingcomputer.com/news/security/canon-hit-by-maze-ransomware-attack-10tb-data-allegedly-stolen/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/canon-hit-by-maze-ransomware-attack-10tb-data-allegedly-stolen/"
	],
	"report_names": [
		"canon-hit-by-maze-ransomware-attack-10tb-data-allegedly-stolen"
	],
	"threat_actors": [],
	"ts_created_at": 1775434303,
	"ts_updated_at": 1775826739,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ea3c9c9aa8a787c4a6434841e0f63036c5b5a3d8.pdf",
		"text": "https://archive.orkl.eu/ea3c9c9aa8a787c4a6434841e0f63036c5b5a3d8.txt",
		"img": "https://archive.orkl.eu/ea3c9c9aa8a787c4a6434841e0f63036c5b5a3d8.jpg"
	}
}