Fujifilm Hit by Ransomware Attack | Cyber Security News

June 3, 2021
Fujifilm Hit by Suspected Ransomware Attack, Global Network Impacted

Fujifilm, a Japanese multinational corporation, has been compelled to temporarily disable portions of its worldwide network following a suspected ransomware incident.

While widely recognized for its contributions to digital imaging, the company also manufactures sophisticated medical equipment, including tools for the swift analysis of COVID-19 tests.

Cyberattack Confirmed at Tokyo Headquarters

The company verified that its Tokyo headquarters experienced a cyberattack on Tuesday evening. An investigation into potential unauthorized server access from external sources is currently underway.

As a precautionary measure, the network has been partially shut down and disconnected from external communication channels.

Company Statement and Initial Response

“We are disclosing the information currently available to us and the actions taken by the company,” Fujifilm stated on its official website.

“On the evening of June 1, 2021, we detected the possibility of a ransomware attack. Consequently, we have implemented measures to suspend all impacted systems in collaboration with our global divisions.”

“We are actively assessing the scope and magnitude of this issue. We extend our sincere apologies to our customers and partners for any inconvenience caused.”

Impact on Fujifilm USA Operations

Due to the partial network outage, Fujifilm USA posted a notice on its website indicating disruptions to all forms of communication, including email and incoming phone calls.

Fujifilm previously confirmed that the cyberattack is also hindering the acceptance and processing of customer orders.

Early Reports Indicate Qbot Trojan Involvement

Although Fujifilm has not yet provided further details, Bleeping Computer reports that the company’s servers have been compromised by Qbot.

Vitali Kremez, CEO of Advanced Intel, informed the publication that the 13-year-old Trojan, often delivered through phishing schemes, infiltrated the company’s systems last month.

Qbot's History of Collaboration with Ransomware Groups

The developers of Qbot, also known as QakBot or QuakBot, have a documented history of collaborating with ransomware operators.

They have previously been associated with groups like ProLock and Egregor, and are now reportedly linked to the infamous REvil group.

Expert Analysis Points to REvil

“Preliminary forensic analysis suggests the ransomware attack on Fujifilm originated with a Qbot Trojan infection last month, providing hackers with initial access to the company’s systems,” explained Ray Walsh, a digital privacy expert at ProPrivacy, to TechCrunch.

“The Qbot Trojan has recently been actively exploited by the REvil hacking collective, making it highly probable that this cyberattack is the work of Russian-based hackers.”

REvil's Double-Extortion Tactics

REvil, also referred to as Sodinokibi, not only encrypts a victim’s data but also exfiltrates it from their network.

Hackers typically threaten to publicly release the stolen data unless a ransom is paid. However, the dark web site previously used by REvil to showcase stolen data was inaccessible at the time of this report.

Rise in Ransomware Attacks During the Pandemic

Ransomware attacks have surged since the beginning of the COVID-19 pandemic, becoming a primary revenue source for cybercriminals.

Group-IB, a threat hunting and cyber intelligence firm, estimates that the number of ransomware attacks increased by over 150% in 2020, with the average ransom demand more than doubling to $170,000.

Ransom Payment Status Remains Unknown

As of this writing, it remains unclear whether Fujifilm has complied with any ransom demands made by the attackers.
