As we speak, Japanese multinational conglomerate Fujifilm formally confirmed that that they had suffered a ransomware assault earlier this week that disrupted enterprise operations.
On June 2, Fujifilm disclosed that they suffered a cyberattack however wouldn’t verify if the assault was brought on by ransomware.
Nonetheless, in a number of conversations with Fujifilm staff, BleepingComputer discovered that it was internally recognized that the assault was brought on by ransomware and that the corporate was compelled to take down parts of its community worldwide.
At roughly 10:0 AM EST on Tuesday, Fujifilm instructed staff to close off their computer systems and all servers instantly. Moreover, the community outage prevented entry to e mail, the billing system, and a reporting system.
To alert their clients, Fujifilm additionally added notifications to their web sites warning clients concerning the disruption to their enterprise.
Fujifilm confirms a ransomware assault
As we speak, Fujifilm has released an updated statement that formally confirms that the assault was brought on by ransomware deployed on the evening of June 1st, 2021.
- We confirmed that the unauthorized entry we acknowledged on the evening of June 1, 2021 was ransomware.
- We have now confirmed that the scope of influence is proscribed to particular networks within the nation.
- Because the vary has been recognized, from at this time, we’re continuing with the operation of servers and private computer systems which have been confirmed to be secure, and the networks that had been blocked are additionally beginning communication in sequence.
Whereas it has not been disclosed what ransomware gang was behind the assault, it’s believed to be the REvil ransomware operation.
Superior Intel’s Vitali Kremez instructed BleepingComputer that Fujifilm had just lately been contaminated by the Qbot trojan, which is at the moment partnering with the REvil ransomware operation to supply distant entry to compromised networks.
Utilizing the distant entry offered by the trojan, the REvil ransomware gang will infiltrate a community and unfold slowly to different units whereas stealing unencrypted knowledge.
As soon as they achieve entry to a Home windows area administrator account and have harvested any knowledge of worth, they deploy the ransomware all through the system to encrypt units.
If Fujifilm didn’t pay the ransom, we’ll know quickly sufficient who was accountable, as the info will seemingly be launched on a ransomware data leak site as an additional technique to leverage a ransom cost.
Ransomware assaults see elevated scrutiny
Whereas ransomware assaults have been an issue since 2012 and a goal of quite a few law enforcement operations previously, they’ve seen elevated scrutiny just lately after gangs focused important infrastructure, healthcare, and the meals provide.
Final month, the DarkSide ransomware operation attacked Colonial Pipeline, the most important US gasoline pipeline. It led to a shutdown of the pipeline and a brief scarcity of gasoline in some states.
Additionally, final month, Eire’s HSE, the nation’s publicly funded healthcare system, and the Division of Well being had been attacked by the Conti ransomware gang, resulting in important disruption in healthcare companies.
Extra just lately, JBS, the world’s largest meat producer, was attacked by the REvil ransomware operation, which led to the short-term shut down of manufacturing websites. As we speak, JBS announced that they’re again on-line and totally operational after restoring from backups.
As many of the giant ransomware operations are believed to be operated out of Russia, White Home Press Secretary Jen Psaki stated that President Biden can be discussing these assaults with Russian President Vladimir Putin on the June sixteenth Geneva summit.
“It is going to be a subject of dialogue in direct, one-on-one discussions — or direct discussions with President Putin and President Biden taking place in simply a few weeks,” Psaki stated on the press briefing.