Last Wednesday, Fujifilm issued a short statement to disclose the unauthorised infiltration of a computer network in Japan, stating that the network had been isolated from the rest of the IT infrastructure and that the company was working to determine the extent and the scale of the issue.
“We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities.
“We are currently working to determine the extent and the scale of the issue. We sincerely apologise to our customers and business partners for the inconvenience this has caused,” the statement read.
It is now being reported that Fujifilm has restored all computer systems and is expecting all systems to be up and running before the end of the week, that too without engaging with hackers or paying a ransom to obtain a decryption key. The company is also confident that all of its data is safe and has not been misused by hackers.
“From a European perspective, we have determined that there is no related risk to our network, servers and equipment in the EMEA region or that of our customers across EMEA. We presently have no indication that any of our regional systems have been compromised, including those involving customer data,” a company spokesperson said.
The spokesperson added that Fujifilm was “highly confident that no loss, destruction, alteration, unauthorised use or disclosure of our data, or our customers’ data, on Fujifilm Europe’s systems has been detected.”
The fact that Fujifilm emerged from the cyber incident nearly unscathed speaks highly of the company’s preparations for such an incident in advance. According to Ray Walsh, Digital Privacy Expert at ProPrivacy, the attack appeared to be an extremely sophisticated cyberattack that was initiated last month via infection with the well-known Qbot Trojan.
“It appears that the cybercriminals behind this attack used the Qbot infection to gain a foothold in the system and deliver the secondary ransomware payload now locking up Fujifilm’s networks. The Qbot trojan was previously used as the initial attack vector in a number of other high-profile ransomware attacks including those carried out by ProLock and Egregor hackers.
“Most recently, security experts have noticed the Qbot trojan being exploited in the wild by the REvil hacking collective, which is sowing the suspicion that those Russian-based hackers are behind this incident. This is the second time that REvil has been suspected of involvement in a high-profile cyber attack this week, revealing that the hacking collective is ramping up its criminal activities at the moment,” he added.