Japanese multinational conglomerate Fujifilm has been forced to shut down parts of its global network after falling victim to a suspected ransomware attack.
The company, which is best known for its digital imaging products but also manufactures high-tech medical kits, including devices for rapid processing of COVID-19 tests, confirmed that the Tokyo headquarters were hit by a cyber attack on Tuesday night.
“Fujifilm Corporation is currently conducting an investigation into possible unauthorized access to its server from outside the company. As part of this investigation, the network is partially closed and disconnected from external correspondence,” the company said in a statement posted on the website.
“We want to state what we understand now and what measures the company has taken. At the end of the evening of June 1
“We are currently working on determining the extent of the problem. We sincerely apologize to our customers and business partners for the inconvenience this has caused.”
As a result of the partial shutdown of the network, Fujifilm USA posted a notice on its site saying that it is currently having issues affecting all forms of communication, including email and incoming calls. In an earlier statement, Fujifilm confirmed that the cyber attack also prevents the company from accepting and processing orders.
Fujifilm has not yet responded to our request for comment.
While Fujifilm is keeping quiet on further details, such as the identity of the ransomware used in the attack, Bleeping Computer reports that the company’s servers were infected by Qbot. Advanced Intel chief executive Vitali Kremez told the publication that the company’s systems were hit last month by the 13-year-old Trojan, which is usually delivered through phishing.
The creators of Qbot, also known as QakBot or QuakBot, have a long history of collaborating with ransomware operators. They previously worked with the ProLock and Egregor ransomware gangs, but are currently said to be linked to the infamous REvil group.
“Initial forensic analysis suggests the ransomware attack on Fujifilm began with a Qbot Trojan infection last month, which gave hackers a foothold in the company’s systems to deliver the secondary ransom load,” Ray Walsh, digital privacy expert at ProPrivacy, told TechCrunch. “Most recently, the Qbot Trojan has been actively exploited by the REvil hacking collective, and it seems very likely that the Russian-based hackers are behind this cyber attack.”
REvil, also known as Sodinokibi, not only encrypts a victim’s files but also exfiltrates data from the network. The hackers usually threaten to publish the victim’s files if the ransom is not paid. But one website on the dark web used by REvil to publish stolen data appeared offline at the time of writing.
Ransomware attacks have grown so much since the start of the COVID-19 pandemic that they have become the single largest source of revenue for cybercriminals. Threat hunting and IT intelligence firm Group-IB estimates that the number of ransomware attacks increased by more than 150% in 2020, and that the average ransom demand more than doubled to $170,000.
At the time of writing, it is unclear whether Fujifilm has paid any ransom to the hackers responsible for the attack on its systems.