Japanese multinational conglomerate Fujifilm has been pressured to close down components of its world community after falling sufferer to a suspected ransomware assault.
The corporate, which is finest recognized for its digital imaging merchandise but additionally produces excessive tech medical package together with units for fast processing of COVID-19 assessments, confirmed that its Tokyo headquarters was hit by a cyberattack on Tuesday night.
“Fujifilm Company is at present finishing up an investigation into potential unauthorized entry to its server from exterior of the corporate. As a part of this investigation, the community is partially shut down and disconnected from exterior correspondence,” the corporate stated in a press release posted to its web site.
“We need to state what we perceive as of now and the measures that the corporate has taken. Within the late night of June 1, 2021, we grew to become conscious of the potential for a ransomware assault. In consequence, now we have taken measures to droop all affected methods in coordination with our varied world entities.
“We’re at present working to find out the extent and the dimensions of the problem. We sincerely apologize to our prospects and enterprise companions for the inconvenience this has precipitated.”
On account of the partial community shutdown, Fujifilm USA added a discover to its web site stating that it’s at present experiencing issues affecting all types of communications, together with emails and incoming calls. In an earlier assertion, Fujifilm confirmed that the cyberattack can also be stopping the corporate from accepting and processing orders.
Fujifilm has but to answer our request for remark.
Whereas Fujifilm is conserving tight-lipped on additional particulars, such because the identification of the ransomware used within the assault, Bleeping Pc studies that the corporate’s servers have been contaminated by Qbot. Superior Intel CEO Vitali Kremez advised the publication that the corporate’s methods had been hit by the 13-year-old Trojan, usually initiated by phishing, final month.
The creators of Qbot, also referred to as QakBot or QuakBot, have an extended historical past of partnering with ransomware operators. It beforehand labored with the ProLock and Egregor ransomware gangs, however is at present stated to be linked with the infamous REvil group.
“Preliminary forensic evaluation means that the ransomware assault on Fujifilm began with a Qbot trojan an infection final month, which gave hackers a foothold within the firm’s methods with which to ship the secondary ransomware payload,” Ray Walsh, digital privateness knowledgeable at ProPrivacy, advised TechCrunch. “Most lately, the Qbot trojan has been actively exploited by the REvil hacking collective, and it appears extremely believable that the Russian-based hackers are behind this cyberattack.”
REvil, also referred to as Sodinokibi, not solely encrypts a sufferer’s recordsdata but additionally exfiltrates information from their community. The hackers usually threaten to publish the sufferer’s recordsdata if their ransom isn’t paid. However a website on the darkish internet utilized by REvil to publicize stolen information appeared offline on the time of writing.
Ransomware assaults have been on the rise because the begin of the COVID-19 pandemic, a lot in order that they’ve change into the largest single cash earner for cybercriminals. Menace searching and cyber intelligence agency Group-IB estimates that the variety of ransomware assaults grew by greater than 150% in 2020, and that the common ransom demand elevated greater than twofold to $170,000.
On the time of writing, it’s unclear whether or not Fujifilm has paid any ransom to the hackers accountable for the assault on its methods.