FujiFilm is investigating a ransomware attack and has shut down parts of its network to prevent the attack from spreading.
FujiFilm, also known simply as Fuji, is a Japanese multinational conglomerate based in Tokyo, Japan that initially started out in optical film and cameras. It has grown to include pharmaceuticals, storage devices, copiers and printers (XEROX), and digital cameras.
FUJIFILM earned $ 20.1 billion in 2020 and has 37,151 employees worldwide.
Probable ransomware attack
Today, FUJIFILM announced that its Tokyo headquarters suffered a cyberattack on Tuesday night that they say is a ransomware attack.
“FUJIFILM Corporation is conducting an investigation into possible unauthorized access to its server from outside the company. As part of this investigation, the network is partially closed and disconnected from outside correspondence,” FUJIFILM said in a statement.
“We want to express what we understand so far and the measures that the company has taken. In the late afternoon of June 1, 2021, we learned of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities. “
“We are currently working to determine the scope and scale of the problem. We sincerely apologize to our customers and business partners for the inconvenience this has caused.”
Due to the partial network outage, FUJIFILM USA has added an alert to the top of their website stating that they are experiencing network problems that are affecting their phone and email systems.
While FUJIFILM has not indicated which ransomware group is responsible for the attack, the CEO of Advanced Intel Vitali Kremez has told Bleeping Computer that FUJIFILM got infected with the Qbot Trojan last month.
“Based on our unique Andariel threat prevention platform, FUJIFILM Corporate appeared to be infected with the Qbot malware on May 15, 2021,” Kremez told Bleeping Computer. “Since the clandestine ransomware confusion, the Qbot malware group is currently working with the REvil ransomware group.”
“A network infection attributed to QBot automatically creates risks associated with future ransomware attacks.”
The operators of the Qbot Trojan have a long history of working with ransomware operations to provide remote access to compromised networks.
In the past, the ProLock and Egregor ransomware gangs have partnered with Qbot, but with the shutdown of those operations, the REvil ransomware operation has been using the botnet.
While ransomware has been active since 2012, it has recently gained global attention following the attacks on Colonial Pipeline, the largest US fuel pipeline and the world’s largest beef producer, JBS.
The US government has created a ransomware task force to recommend new policies and guidelines to combat the growing threat.