New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research

Search

FUJIFILM Suffers Ransomware Attack

FUJIFILM is investigating a ransomware attack and has shut down portions of its network to prevent the attack’s spread. FUJIFILM, also known as just Fuji, is a Japanese multinational conglomerate headquartered in Tokyo, Japan, which initially started in optical film and cameras. It has grown to include pharmaceuticals, storage devices, photocopiers and printers (XEROX), and digital cameras. Yesterday, FUJIFILM announced that their Tokyo headquarters suffered a cyberattack Tuesday night that they indicate is a ransomware attack. “FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence,” FUJIFILM said in a statement. “We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities. We are currently working to determine the extent and the scale of the issue. We sincerely apologize to our customers and business partners for the inconvenience this has caused.” Due to the partial network outage, FUJIFILM USA has added an alert to the top of their website stating that they are experiencing network problems that are impacting their email and phone systems. While FUJIFILM has not stated what ransomware, group is responsible for the attack, Advanced Intel CEO Vitali Kremez has stated that FUJIFILM was infected with the Qbot trojan last month. “Based on our unique threat prevention platform Andariel, FUJIFILM Corporate appeared to be infected with Qbot malware based on May 15, 2021,” Kremez stated. “Since the underground ransomware turmoil, the Qbot malware group currently works with the REvil ransomware group.”

Analyst Notes

The extent of the breach is not yet known so it is advisable for anyone with an online account with FUJIFILM should change their credentials as soon as possible. Passwords should be unique to the login and be made complex through the use of special characters, case-sensitive characters and alpha-numeric characters.

https://www.bleepingcomputer.com/news/security/fujifilm-shuts-down-network-after-suspected-ransomware-attack/