Fujifilm Corporation shut down parts of its global network and servers due to a possible ransomware attack noticed the day before. On the 2nd, the company published in Japan the following statement: “Unauthorized access to Fujifilm servers. FUJIFILM Corporation is currently conducting an investigation into possible unauthorized access to its server from outside the company. As part of this investigation, the network was partially turned off and disconnected from external connections. We want to make clear what we understand from now on and the measures the company has taken. Late in the evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken steps to suspend all affected systems in coordination with our various global entities. We are currently working to determine the extent and scale of the problem. We sincerely apologize to our customers and business partners for the inconvenience this has caused.”
According to Bleeping Computer, Fujifilm was actually infected with the Qbot trojan in May. The operation of this trojan is linked to the Russian cybercriminal group REvil. Advanced Intel CEO Vitali Kremez told the publication that this trojan emerged 13 years ago, and that it is typically infected through phishing.
REvil, also known as Sodinokibi, allegedly hit JBS a week ago and Acer in March, demanding a $50 million ransom. The creators of Qbot, also known as QakBot or QuakBot, have a long history of partnering with ransomware operators. Previously, it worked with the ProLock and Egregor ransomware gangs, but is currently linked to the REvil group.