On Aug. 5, Canon USA sent a notification to the entire company, informing employees that there were widespread system issues that resulted in many applications, groups, and emails being unavailable.
A screenshot of the ransom note received by BleepingComputer shows that the interruption was caused by the Maze ransomware, a group that typically steals data from affected networks to force victims to pay.
Canon began investigating the incident and found evidence of unauthorized activity on its network between July 20 and August 6.
The threat actor had access to file servers that also host "information about current and former employees from 2005 to 2020 and beneficiaries and dependents".
Canon states that the data accessed by the intruder included employees' names, Social Security numbers, dates of birth, driver's license numbers or state-issued ID numbers, bank account numbers for direct deposits from Canon, and electronic signatures.
Shortly after the attack, the Maze ransomware group told BleepingComputer that it had stolen 10 terabytes of data and private databases from Canon before triggering the malware's file encryption on August 5.
The Maze cybercriminal group was one of the biggest players in the ransomware arena. On November 1, the gang ceased its activities, which had begun about a year and a half earlier, in May 2019.
The group is responsible for the current trend of double extortion that most ransomware criminals use today, in which they steal data before encrypting it and threaten to leak it unless the victim pays the ransom. Its victims include prominent organizations such as Allied Universal, Southwire, City of Pensacola, Canon, LG Electronics and Xerox.