Canon has had a double shot of bad luck lately. First, its brand-new photo-and-video-hosting cloud started losing files. Now it's reportedly fallen victim to ransomware.
The Japanese camera maker noticed at the end of July that footage uploaded before June 16 to image.canon had started going missing. The service launched in February, and offers 10GB of long-term storage space for people's personal photos and videos. Some cameras can automatically upload material to the cloud, too.
Canon pulled the plug on service, and restored it days later, on Tuesday, August 4 when the data-gobbling glitch was fixed, we're told. Strangely, it said no data was leaked. In a statement, the biz said:
On July 30, 2020, we identified an issue involving the 10GB long-term storage on image.canon. In order to conduct further investigation, we temporarily suspended both the mobile application and web browser service of image.canon. After the investigation, we identified that some of the photo and video image files saved in the 10GB long-term storage prior to June 16, 2020 9:00am (JST) were lost. We confirmed that the still image thumbnails of the affected files were not affected, and there was no leak of image data.
After having resolved the issue that resulted in the loss of the photo and video image files, we resumed the image.canon service as of August 4, 2020.
Currently, the still image thumbnails of these lost image files can be viewed but not downloaded or transferred. If a user tries to download or transfer a still image thumbnail file, an error message may be received. We are currently exploring technical counter measures.
Then on Wednesday, according to Bleeping Computer, Canon was hit by a Maze ransomware infection.
This appears to have disrupted the manufacturer's internal network. A message apparently sent by its IT support desk at 6am to staff said there were "widespread system issues affecting multiple applications," and that Microsoft Teams, "email, and other systems may not be available at this time." Said systems included Canon's US website, which fell offline. A ransom note was apparently found claiming internal files had been scrambled, and would be restored if payment was made.
The Maze team reportedly boasted it broke into Canon's systems, exfiltrated 10TB of databases and other files, and was holding the encrypted information to ransom. Canon has not appeared on the Maze gang's website, where the crew usually lists its victims, such as Xerox, though.
You might link the two snafus – the file-wiping cloud and the reported ransomware infection – though there is no smoking gun connecting the two, we note. The Maze gang apparently said they didn't have anything to do with the image.canon downtime.
"We are currently investigating the situation. Thank you," a spokesperson for Canon told The Register regarding the ransomware infection report. ®