Canon USA's stolen files leaked by Maze ransomware gang

A ransomware gang has published unencrypted files allegedly stolen from Canon during a ransomware attack earlier this month.

On August 5th, 2020, BleepingComputer broke the story that Canon suffered a ransomware attack by a cybercrime group known as Maze.

BleepingComputer learned of this attack after a source shared a portion of the ransom note and an internal notification to employees about the attack.

Since then, BleepingComputer has obtained previously unpublished internal communications sent by the Canon IT department on August 10th to employees about the restoration of services.

We are only sharing a portion of the email below, as we do not want to reveal the company's internal systems.

As Canon was able to restore many systems in a short time, BleepingComputer believed that they had paid the ransom.

It looks like we were wrong as Maze has started to publish Canon's stolen data, which is only done after a ransom is not paid.

Do you have information about an ongoing ransomware attack? If you want to share the information, you can contact us securely on Signal at +1 (646) 961-3731, via email at lawrence.abrams@bleepingcomputer.com, or using our tips form.

Maze releases Canon's unencrypted files

On Maze's data leak site, the ransomware operators state that they are releasing 5% of the total data stolen from Canon during the attack,

The published file is a 2.2 GB archive called "STRATEGICPLANNINGpart62.zip" and we were told it contains marketing materials and videos, as well as files related to Canon's website.

From the small number of samples reviewed by BleepingComputer, these files do appear to belong to Canon USA.

A source who reviewed the archive has stated that they do not appear to contain any financial information, employee information, or other sensitive data.

We have not independently verified these claims.

BleepingComputer has reached out to Canon for comment but has not heard back as of yet.