Network Intrusion, Suspected Ransomware Attack at Fujifilm
Company Shut Down Part of Its Network That Was Compromised
Japanese conglomerate Fujifilm has shut down part of its network after it was compromised in a suspected ransomware attack, the company said in an update on Wednesday. There was no explanation given as to why Fujifilm suspected a ransomware attack, but if one occurred it would be the latest in a series of ransomware incidents targeting multinational companies.
In a message posted to its website, Fujifilm, which is known for its camera products, said it detected a network compromise on Monday in what is believed to be a ransomware incident.
The company, which did not disclose more details on any ransomware strain or ransom amount, noted that it has partially shut down the affected networks and has blocked access from external sources.
"Fujifilm Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities," the company says in an official statement.
Fujifilm earned $20 billion in 2020 and has more than 37,000 employees worldwide. The company did not immediately respond to a request by ISMG for further information.
REvil a Suspect
In an email to ISMG, Ray Walsh, digital privacy expert at ProPrivacy, a resource for promoting digital freedom, noted that the company is believed to have been infected last month with the Qbot Trojan, which is often a precursor to ransom attacks. “This appears to be an extremely sophisticated cyberattack that was initiated last month via infection with the well-known Qbot Trojan. It appears that the cybercriminals behind this attack used the Qbot infection to gain a foothold in the system and deliver the secondary ransomware payload now locking up Fujifilm’s networks,” Walsh said.
“Most recently, security experts have noticed the Qbot Trojan being exploited in the wild by the REvil hacking collective, which is seeding the suspicion that those Russian-based hackers are behind this incident,” he added.
Other Major Hacks
The attacks against Fujifilm are the latest in a series of incidents targeting larger-scale enterprises.
On Monday, the world's largest meat supplier, JBS, revealed that a ransomware incident it detected on Sunday led it to shut down its servers in North America and Australia. On Wednesday, the FBI attributed the attack to the REvil gang, aka Sodinokibi (see: FBI Attributes JBS Attack to REvil Ransomware Operation).
On May 7, U.S. fuel supplier Colonial Pipeline Co. shut down its 5,500-mile pipeline, which runs north from Texas up the East Coast, after DarkSide ransomware targeted its systems.
The shutdown, which lasted for six days, caused fuel shortages. Colonial Pipeline paid a ransom of $4.4 million to receive the decryption tool.
A report by cryptocurrency analysis firm Chainalysis estimates that payments to ransomware gangs amounted to at least $370 million in 2020, up from less than $100 million in 2019.
In light of the rising number of ransomware incidents, the Justice Department in April launched the Ransomware and Digital Extortion Task Force, which aims to disrupt ransomware-wielding crime syndicates (see: DOJ Launches Task Force to Battle Ransomware Threat).