Fujifilm Shuts Down Servers Due to Possible Cyberattack

Fujifilm Corporation may have been the victim of a ransomware attack. The company says that it is looking into possible unauthorized access to its server from outside the company and has partially shut down its servers while it investigates.

Fujifilm says that the unauthorized access was attempted on June 1, 2021 and is considering the possibility of a ransomware attack. The company has not yet said if the attack was successful and if it believes any data was stolen.

The company posted the notice below to its website:

FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence.

We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities.

We are currently working to determine the extent and the scale of the issue. We sincerely apologize to our customers and business partners for the inconvenience this has caused.

According to a report on BleepingComputer, Fujifilm was infected with a Qbot trojan last month. A Qbot trojan is “a Windows banking trojan with worm features active since at least 2009 and used to steal banking credentials, personal information, and financial data,” the publication explains.

“Based on our unique threat prevention platform Andariel, FUJIFILM Corporate appeared to be infected with Qbot malware based on May 15, 2021,” Advanced Intel CEO Vitali Kremez told BleepingComputer. “Since the underground ransomware turmoil, the Qbot malware group currently works with the REvil ransomware group. A network infection attributed to QBot automatically results in risks associated with future ransomware attacks.”

REvil — which stands for Ransomware Evil — is a notorious ransomware group that has targeted many high-profile companies in the past. The FBI recently attributed the major attack on United States Meatpacker JBS on REvil, though the group has not claimed responsibility for either at the time of publiation. NPR notes this is not unusual as ransomware groups do not usually post about attacks when they are in active negotiations with victims or if a victim pays the ransom.

Last year, Canon was hit by a ransomware attack that claimed over 10 terabytes of data and leaked internal emails. While the attack took place between July 20 and August 6, the company did not reveal details until November. No customer information was compromised in that attack.

Image credits: Background of header photo licensed via Depositphotos.