Fujifilm Rejects Hacker Demands, Restores Servers via Backups

On June 3, Fujifilm partially shut down its servers in response to a ransomware attack. The company has reportedly heard from the hackers but is refusing to pay their ransom demands and will instead rely on backups to restore its servers.

According to a report on Verdict, Fujfilm has refused to pay the ransom demands and has already gotten its computer systems in the United States, Europe, the Middle East, and Africa back online and “fully operational.”

Some deliveries were partially halted due to the attack and lost access to some of its servers, but held fast and denied requests demanded by the ransomware gang. The company told Verdict that it had “sufficient backups in place as part of its normal operation procedure” and therefore did not need to pay the ransom to regain access to the stolen data.

Refusing ransoms like this is not just a matter of getting data back, however. Ransomware hackers will not only hold that data hostage, but often also threaten to release the information publicly if the demands are not met. However, Fujifilm Europe said that it is “highly confident that no loss, destruction, alteration, unauthorized use or disclosure of our data, or our customers’ data, on Fujifilm Europe’s systems has been detected.”

Fujifilm has declined to comment if the threat to publicly release data was specifically made by the ransomware hackers.

“From a European perspective, we have determined that there is no related risk to our network, servers, and equipment in the EMEA region or that of our customers across EMEA,” the Fujifilm representative said to Verdict. “We presently have no indication that any of our regional systems have been compromised, including those involving customer data.”

As noted in original coverage of the hack, Fujifilm was reportedly infected with a Qbot trojan last month, which is “a Windows banking trojan with worm features” that is “used to steal banking credentials, personal information, and financial data,” as explained by BleepingComputer.

Last year, Canon also fell victim to a ransomware attack where troves of personal employee information were stolen. Canon did not specifically state if it had paid the ransom, but as it specifically warned current and former employees that their data was at risk and provided complimentary membership to Experian’s IdentityWorks credit monitoring service, the company was clearly worried that the stolen data would find its way onto the dark web.