Fujifilm hit by ransomware attack, shuts down parts of its network globally

Fujifilm has had to shut down parts of its network around the world after getting hit by a suspected ransomware attack. According to the notice put up by the company on their website, their headquarters in Tokyo was hit by a ransomware attack on June 2. Reports have it that the disruption to Fujifilm's network has impacted its subsidiaries around the world. Fujifilm US has also added a notice on their website stating that they are currently facing issues that have impacted all forms of communication including incoming calls and emails.

“In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities,” states the notice on the Fujifilm website. Earlier the company had just posted that it would not be processing any orders thanks to the cyberattack.

"Fujifilm Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence,” Fujifilm said in a statement.

"We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities."

"We are currently working to determine the extent and the scale of the issue. We sincerely apologize to our customers and business partners for the inconvenience this has caused,” they added.

Fujifilm is yet to reveal the names of the threat actors responsible for the ransomware attack. However, the CEO of the cybersecurity firm Advanced Intel, Vitali Kremez told Bleeping Computer that Fujifilm was infected by the Qbot trojan in mid-May. The people at Advanced Intel indicated that these trojan writers often work in collaboration with ransomware operators and Qbot also functions the same way. As TechRadar points out, Qbot creators have a well-documented history of partnering with ransomware operators like ProLock and Egregor. "Since the underground ransomware turmoil, the Qbot malware group currently works with the REvil ransomware group," Kremez told Bleeping Computer.

The US has announced a series of precautions and steps to tackle the growing ransomware attacks which include setting up a task force and treating ransomware attacks as terrorist attacks. While the Fujifilm HQ is outside US jurisdiction, the attacks have affected the operations at Fujifilm US. This might prompt the US to take a stock of the situation.