FUJIFILM has announced it experienced a ransomware attack and had to shut down its network to prevent the attack from spreading.
FujiFilm is a multinational company that started out as a manufacturer of cameras, pharmaceuticals, storage devices, photocopiers, and printers.
On June 1, 2021, the company became aware of a potential ransomware attack. It has suspended all systems affected by the incident.
“In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities,” FUJIFILM said in a statement.
On Wednesday, FUJIFILM made an announcement saying its Tokyo headquarters suffered a ransomware attack.
FUJIFILM said it is investigating possible unauthorized access to a server. The company’s network has been partially shut down as part of the probe.
“FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence.”
The company is working to determine the extent of the issue:
“We are currently working to determine the extent and the scale of the issue. We sincerely apologize to our customers and business partners for the inconvenience this has caused.”
Due to a network outage, FUJIFILM USA has added an alert to their website stating that their email and phone systems are experiencing issues.
According to Advanced Intel’s CEO, Vitali Kremez, FUJIFILM was infected with Qbot Trojan last month that caused the company to lose control of its systems.
“Based on our unique threat prevention platform Andariel, FUJIFILM Corporate appeared to be infected with Qbot malware based on May 15, 2021,” Kremez told. “Since the underground ransomware turmoil, the Qbot malware group currently works with the REvil ransomware group.”
Qbot, also referred to as QakBot, Pinkslip, or Pinkslipbot, is a banking Trojan first described in 2009.
The operators of Qbot have a long history of operating with ransomware gangs whom they provide with access to compromised networks. Therefore, this attribution to QBot may mean future ransomware attacks against FUJIFILM. Qbot has been used by the ProLock, Egregor, and REvil ransomware operations in the past which resulted in compromises of multiple networks.