The Canon Ransomware Attack Probably More Costly Than the 70-200mm You Want

Illustration for article titled The Canon Ransomware Attack Probably More Costly Than the 70-200mm You Want
Photo: Alex Cranz/Gizmodo

Just about a week after Canon rolled out a full-on cybersecurity toolkit for small businesses across the US, the fan-favorite camera company’s revealed that it’s suffered two pretty serious ransomware attacks that’ve resulted in at least 10 terabytes of company-wide data being held up for an undisclosed ransom.


While Canon’s been pretty scant on the details of what data’s being held on the table here—and how many of its customers might be on the line—Bleepingcomputer reports that the first attack hit Canon’s internal systems, including its Microsoft teams and company email accounts, towards the tail end of last month. In the ensuing frackas, Canon ended up pulling roughly two dozen of its domains while it “investigated the issue.”

One of these domains just happened to be the site where Canon customers upload their public or not-so-public photos. For six days, the page was stuck showing status updates, before going live again yesterday, plastered with a handy company statement letting us know why they were MIA for the week:

On July 30, 2020, we identified an issue involving the 10GB long-term storage on In order to conduct further investigation, we temporarily suspended both the mobile application and web browser service of

After the investigation, we identified that some of the photo and video image files saved in the 10GB long-term storage prior to June 16, 2020 9:00am (JST) were lost. We confirmed that the still image thumbnails of the affected files were not affected, and there was no leak of image data.

Hmmm. So according to Canon, there wasn’t any “image data” leaked out here, despite also saying that “some of the photo and video image files” that were saved in its system were mysteriously lost.

Weirdly enough, despite the company-wide and photo-facing hacks happening around the same time, it looks like they’re unrelated since Maze—the ransomware gang behind the former heist—has said that it wasn’t one of their targets. That means that Canon is either really, really unlucky, or really, really bad at cybersecurity, or both.

We’ve reached out to Canon for additional comment and will update should we hear more, and if you have additional details reach out to me at or anonymously via SecureDrop.

I cover the business of data for Gizmodo. Send your worst tips to



It sounds like they just restored their systems from an older backup prior to the attack, thus some image data was missing. The simplest thing to do but doesn’t necessarily solve how the attack entered the system.