Fujifilm Corporation confirmed on Friday that the unauthorized access it became aware of in the late evening on June 1 was in fact a ransomware attack.
In a statement today, the company also said that the impact of the unauthorized access was confined to a specific network in Japan and that they had started to bring network, servers and computers confirmed as safe back into operation.
Fujifilm said the company has been carrying out an investigation into the incident with a task force that included external experts and had reported the incident to the relevant government authorities and police.
There’s still very limited information on the breach as the investigation continues, said Tony Cole, chief technology officer at Attivo Networks. Cole added that researcher Vitali Kremez claims that Qbot was used by the attackers, a claim that was reported in Bleeping Computer. Cole said while it certainly could be true, more data is needed to confirm this connection.
“It’s very interesting that these brazen ransomware attacks continue to increase while the United States is working feverishly with their allies to shut down attack groups when possible and put in place policies that will bring them to justice,” Cole said. “We should also start running public service announcements across the United States on simple best practices targeting adults and children, so they become more aware of the threat and start to understand the do’s and don’ts when on the Internet. This simple effort will help consumers and companies.”
Sean Nikkel, senior cyber threat intel analyst at Digital Shadows, added that Digital Shadows has not seen evidence of the usual leak/announcement sites tying Fujifilm to any particular ransomware at this time. However, he did say Qbot has a long history and has previously worked with other ransomware groups.
"We are continuing to monitor the situation, especially the breach sites, but have not seen anything that would definitively confirm or deny the involvement of a specific ransomware group," Nikkel said.