Expert Commentary: Canon ransomware attack

By ISBuzz Team
Writer, Information Security Buzz | Aug 06, 2020 12:10 am PST

Please find below expert commentary on the news that Canon experienced a ransomware attack, similar to LG and Xerox.

3 Expert Comments
Jason Bevis, VP Awake Labs
August 6, 2020 11:51 am

Canon is not the first victim of Maze and we have seen Maze be very active and malicious in the past weeks including the recently published 50GB of data from LG and another 25GB of data from Xerox. We haven’t seen Canon’s data hit the forums yet, but will likely see 10 TB of data posted for sale soon if Canon doesn’t pay, judging by what we’ve witnessed from other attacks. Like the others, the Canon data may potentially include source code, internal IT data, and likely a large amount of data about some of their internal programs and third parties. In this case, Canon likely missed several warning signs that could have tipped them off. We know the network provides a unique vantage point to spot the pre-encryption activity of ransomware actors such as those behind Maze. This latest attack will surely assist in putting Maze back at the top of the list of ransomware threats that IT admins and security operations teams are watching.

Matt Walmsley, EMEA Director
August 6, 2020 8:17 am

Maze Group ransomware operators use “name and shame” tactics whereby victims’ data is exfiltrated prior to encryption and used to leverage ransomware payments. The bullying tactics used by such ransomware groups are making attacks even more expensive, and they are not going to stop any time soon, particularly within the current climate. These attackers will attempt to exploit, coerce, and capitalise on organisations’ valuable digital assets.

Ransomware attackers tend to seek privileged entities associated with accounts, hosts, and services due to the unrestricted access they can provide and to ease replication and propagation. Attackers will maneuver themselves through a network and make that step from a regular user account, to a privileged account which can allow them to deploy their tools and access all the data they need in order to finalise their ransomware attack and coerce their victims. Therefore, security teams need to be agile as time is their most precious resource in dealing with ransomware attacks. Early detection and response is key to gaining back control and stopping the attackers in their tracks before they can propagate across the organisation, stealing and denying access to data.

Sanjay Jagad, Sr. Director of Products and Solutions
August 6, 2020 8:15 am

Canon, LG, and Xerox were all recent victims of a Maze ransomware attack, and we’ll continue to see more and more organizations fall prey to such breaches. Encryption doesn’t work against ransomware because the attacker can simply re-encrypt the data to prevent access to its rightful owner. Other traditional approaches to combating ransomware, such as anti-phishing training, firewalls, and password software, often fall short. The only way for organizations to really safeguard themselves is to protect data at the storage layer.

They can do so by leveraging WORM (Write Once Read Many) storage. WORM is the easiest and most effective method for mitigating ransomware attacks. With WORM, data is made immutable: once written, it cannot be changed or deleted for a specific period. This prevents malware from being able to encrypt the data and lock the victim out. In the event of a ransomware attack, organizations can restore an uninfected copy of the data by a simple recovery process. In the past you needed specialized storage devices to leverage WORM. However, select object storage systems now offer a new feature called Object Lock to provide WORM functionality within your enterprise storage system. With Object Lock, data is protected at the device level, rather than being dependent on an external layer for defense.
