Fujifilm, the Japanese conglomerate best known for their cameras and other imaging equipment, partially shut down its global network last week after discovering that they were under the threat of a ransomware attack. The news of the attack became public knowledge after the multinational company put out a statement on June 2nd 2021, reporting that their Tokyo-based headquarters fell victim to a suspected attack the day before. Approximately a week after the attack, Fujifilm has now confirmed that all its systems have been restored and will be up and running by the end of the week.
Fujifilm under attack
As per reports, Fujifilm was forced to shut down all servers and networks in the late evening of June 1st 2021. This was done to “determine the extent and scale of the attack” and coordinate with all their global entities to immediately suspend any and all affected systems. Due to the attack, Fujifilm confirmed that they were unable to accept and process any orders at the time. All their communications including calls, emails, etc. were also halted as a precautionary measure.
However, Fujifilm is still yet to disclose critical details about the attack like the identity of the ransomware and the exact amount of ransom demanded. Vitali Kremez, the CEO of Advanced Intelligence LLC, told Bleeping Computer that Fujifilm’s systems were infected with the Qbot trojan just a month ago. Kremez also attributed the Qbot infection to potential ransomware attacks in the future. A Qbot infection is normally initiated by a phishing attack, and the 13-year old trojan has a notorious history of teaming up with various ransomware groups such as ProLock and Egregor.
TechCrunch reports that:
“Most recently, the Qbot trojan has been actively exploited by the REvil hacking collective, and it seems highly plausible that the Russian-based hackers are behind this cyberattack.”via Ray Walsh, digital privacy expert at ProPrivacy
Even though it is suggested that REvil might be the masterminds behind that attack on Fujifilm, it was also reported that a dark web site that REvil regularly uses to publicize stolen data remains quiet about anything related to the Fujifilm attack.
Fujifilm has now confirmed that the company’s systems across Europe, the Middle-East, Africa, and the US have now been fully restored. Another positive sign for the company is that it has even started processing and delivering orders, an area that was critically affected by the cyberattack. A spokesperson from the company has also confirmed that the company has not paid any ransom for the attack. As per the company’s normal operating procedures and policies, the company backups have aided the swift restoration of their systems and network.
“From a European perspective, we have determined that there is no related risk to our network, servers and equipment in the EMEA region or that of our customers across EMEA. We presently have no indication that any of our regional systems have been compromised, including those involving customer data.”via spokesperson from Fujifilm Europe
Ransomware has been in the news more and more with the recent attack on Colonial Pipeline being one of the high-profile attacks in the world. As for the attack on Fujifilm, it is not clear whether there was any data stolen from the company. But, the company seems confident that there has been no loss, alteration or unauthorized use of company and customer data. The measures employed by Fujifilm to come out fairly unscathed from the attack shows that cybersecurity and data privacy should be of paramount importance to all companies in possession of critical data.