Japanese multinational conglomerate FujiFilm, headquartered in Tokyo suffered a ransomware attack on Tuesday night. The company has shut down portions of its network to prevent the attack's spread, as a precautionary measure.
"FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence," the company said in a statement.
FujiFilm is renowned for its digital imaging products but also produces high-tech medical kits, including devices for the rapid processing of COVID-19 tests. Due to the partial network outage, FUJIFILM USA has added a notice to its website stating that it is currently experiencing network problems impacting its email and phone systems.
“We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities. We are currently working to determine the extent and the scale of the issue. We sincerely apologize to our customers and business partners for the inconvenience this has caused,” FujiFilm further added.
Threat hunting and cyber intelligence firm Group-IB estimated that the number of ransomware attacks grew by more than 150% in 2020 and that the average ransom demand increased more than twofold to $170,000.
While FUJIFILM has not stated what ransomware group is responsible for the attack, Advanced Intel CEO Vitali Kremez has told BleepingComputer that FUJIFILM was infected with the Qbot trojan last month.
"Based on our unique threat prevention platform Andariel, FUJIFILM Corporate appeared to be infected with Qbot malware based on May 15, 2021. Since the underground ransomware turmoil, the Qbot malware group currently works with the REvil ransomware group. A network infection attributed to QBot automatically results in risks associated with future ransomware attacks," Kremez told BleepingComputer.
Last week, hackers targeted the Japanese government organizations and gained access to the company's project management platform which resulted in data leaks from various government offices. One ministry had at least 76,000 email addresses exposed, including those belonging to individuals outside of the ministry.
