While it’s unknown which threat actor was behind this, a security researcher said that Fujifilm’s corporate network was recently infected by Qbot trojan, working with the REvil group.
Fujifilm Ransomware Attack
Fujifilm, the company started that started by making optical films and cameras, has now grown into a huge conglomerate. It’s now in the business of digital cameras, Pharmaceuticals, storage devices, photocopiers, and printer manufacturing. With over $20 billion in revenue in 2020 and more than 37,000 employees worldwide, Fujifilm (or just Fuji) is a lucrative target for cybercriminals. Today, Fujifilm has disclosed a cyberattack against its Tokyo-based headquarters that disrupted some of its services. Considering it as a ransomware attack, Fujifilm said it has partially shut down some of its IT systems to contain the spread. Further, it’s now investigating the “possible unauthorized access to its server from outside of the company.” The attack became aware on the late evening of June 1, 2021, that triggered the company to deploy measures that have now affected its operations with various global entities. In its statement, Fujifilm said, “We are currently working to determine the extent and the scale of the issue. We sincerely apologize to our customers and business partners for the inconvenience this has caused.” While the actual threat actor behind this incident is yet to be known, a security researcher named Vitali Kremez has told BleepingComputer last month that Fujifilm’s network was infected with Qbot trojan. As per Kremez, “A network infection attributed to QBot automatically results in risks associated with future ransomware attacks.” While Qbot initially worked with Egregor and ProLock, it’s now tied up with the REvil ransomware group since the former two partners have shut down their operations.