Fujifilm issued a short statement on Wednesday to disclose the unauthorised infiltration of its server by external actors, but did not confirm if it had identified the ransomware variant used in the attack, whether any information was exfiltrated out of its network, or whether hackers had contacted it to demand a ransom.
“FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence.
“We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities.
“We are currently working to determine the extent and the scale of the issue. We sincerely apologize to our customers and business partners for the inconvenience this has caused,” the statement read.
Founded in 1934, Fujifilm is a leading manufacturer of digital cameras and lenses and its product stack also includes mobile X-ray diagnostic equipment, pharmaceutical products, CT and MRI equipment, point-of-care ultrasound systems, and photo imaging technologies. The company employed over 70,000 employees worldwide in 2019 and earned a revenue of $20.1 billion in 2020.
Considering the scale of its operations and its financial strength, it may not come as a surprise to anyone that hackers have chosen to target Fujifilm to force the company into paying a sizable ransom. In July last year, Japanese camera giant Canon also suffered a Maze ransomware attack that led to the compromise of the personal information of present and former employees from 2005 to 2020 and their beneficiaries and dependents.
Vitali Kremez, the CEO of Advanced Intel, has revealed to BleepingComputer that the ransomware attack targeting Fujifilm’s server is a direct result of the Qbot malware infection the company suffered in May. “Based on our unique threat prevention platform Andariel, FUJIFILM Corporate appeared to be infected with Qbot malware based on May 15, 2021.
“Since the underground ransomware turmoil, the Qbot malware group currently works with the REvil ransomware group. A network infection attributed to QBot automatically results in risks associated with future ransomware attacks,” Kremez said.
“Fuji will be the 3rd significant organisation in Japan to be impacted by ransomware in recent months. If it does turn out to be REvil group, it will be their first Japanese victim. REvil were the only ransomware group out of the 13 groups that Armis tracked in May to successfully disrupt a Chinese organisation,” says Andy Norton, European Cyber Risk Officer at Armis.
The announcement from Fujifilm comes at a time when the US government is urging public and private organisations to do more to prevent ransomware attacks from crippling their networks and systems. “All organisations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” Anne Neuberger, the Deputy National Security Advisor for Cyber and Emerging Technology, wrote in an open letter. “We urge you to take ransomware crime seriously and ensure your corporate cyber defense match the threat.”
“The most important takeaway from the recent spate of ransomware attacks on US, Irish, German and other organisations around the world is that companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively,” she added.