FUJIFILM Shuts Down Operations Following Suspected Ransomware Attack

Another ransomware attack has surfaced online. The latest report comes from the photography giant FUJIFILM that temporarily shut down its operations following the attack.

FUJIFILM Discloses Ransomware Attack

Reportedly, FUJIFILM has fallen prey to a possible ransomware attack. According to the notice placed on their US website, the firm suffered the attack on June 2, 2021. Following the incident, the company suffered network disruptions besides facing the effect on communications.

Describing the timelines of the incident in another statement, FUJIFILM stated,

In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities.

Whereas the firm is also continuing with investigations of the incident.

FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence.

According to NZHerald, the firm has suffered the impact on its PCs and servers in Japan.

QBot Trojan Attack Suspected

Despite explicitly disclosing the ransomware attack, FUJIFILM hasn’t shared any details about the attackers.

However, Bleeping Computer reports that Vitali Kremez has observed the involvement of Qbot Trojan in this attack. This links back to the REvil ransomware gang with which QBot currently works. According to his statement,

Based on our unique threat prevention platform Andariel, FUJIFILM Corporate appeared to be infected with Qbot malware based on May 15, 2021. Since the underground ransomware turmoil, the Qbot malware group currently works with the REvil ransomware group…
A network infection attributed to QBot automatically results in risks associated with future ransomware attacks.

This can’t be ruled out since REvil is already active in the wild. One of their recent victims is the tech giant Acer from whom the attackers demanded a ransom of $50 million.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil