Japanese conglomerate Fujifilm has confirmed it was hit by a ransomware attack that forced it to shut down all of its networks and servers.
In a statement published Friday, Fujifilm said the cyberattack was limited to a “specific network in Japan”. It first became aware of the unauthorised access late evening on 1 June 2021. It then shut down “all networks and servers systems” while it investigated the “extent and scale” of the attack.
The company said on Friday it had started to “bring the network, servers, and computers confirmed safe back into operation”.
“We sincerely apologise to our customers and business partners for the inconvenience this has caused,” the company said on Wednesday when it first confirmed the attack.
The Tokyo-headquartered conglomerate was once known for selling photographic film but now produces biotechnology, chemical and other digital imaging products.
The extent of the damage is not known, but it is common practice during a ransomware attack to disconnect the network to stop the malware’s spread. Verdict has contacted Fujifilm for comment.
“In many cases, it’s the abundance of caution on the victim’s side that causes them to initiate their own shutdowns of operations, not the attack itself causing the shutdown,” said Chris Grove, product evangelist at Nozomi Networks, an IoT security company. “The ransomware probably never hit the parts of the network that were isolated, but a decision was made by the facility operators to limit the blast radius of the attack, or segment off sections of infrastructure to protect it.”
According to security news site Bleeping Computer, Fujifilm was infected with the Qbot trojan last month. The group operating it is reportedly working with prolific ransomware-as-a-service gang REvil.
“Fuji will be the third significant organisation in Japan to be impacted by ransomware in recent months. If it does turn out to be REvil group, it will be their first Japanese victim,” said Andy Norton, European cyber-risk officer at Armis, a connected device security company.
It would also make Fujifilm the latest company to be targeted by REvil, a Russia-based gang that shares its file-encrypting malware and infrastructure with affiliated criminal groups in exchange for a cut of ransom payments.
This week the FBI said REvil ransomware, also known as Sodinokibi, was behind an attack on JBS, the world’s largest meat processor. In March REvil reportedly compromised Acer, demanding a $50m ransom payment.
Last month another ransomware-as-a-service gang called DarkSide compromised the IT network of Colonial Pipeline, forcing the company to shut down its fuel pipelines along the US East Coast for five days.
These attacks and others have propelled ransomware high on the agenda of US President Joe Biden. This week the White House published an advisory urging private sector organisations to “take ransomware crime seriously” and ensure “corporate cyber defences match the threat.”
Anne Neuberger, deputy assistant to the president and deputy national security advisor for cyber and emerging technology, added: “To understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations.”
From photo films to locked files
For much of the 20th century, Fujifilm dominated the photographic film market along with US rival Kodak. But with the evolution of digital cameras, demand for photographic film plummeted, forcing Fujifilm to diversify its business. It now sells a range of products including medical imaging and diagnostic equipment, pharmaceuticals, magnetic tape data storage and digital cameras, among others.
In the fiscal year ended 31 March 2021, it reported ¥2.2tr ($20bn) in revenue. Companies with large revenues are more lucrative targets for ransomware gangs, who often tailor demands based on their victim’s financial records to maximise the payout. However, ransomware gangs also exploit the path of least resistance and are known to attack companies of all sizes.
Mike Brown, CEO of Talion, praised Fujifilm for being “transparent” about the attack. Many companies do not publicly disclose when they’ve fallen victim to a cyberattack, which cybersecurity experts say makes it easier for criminals to operate in the shadows.
“More companies must follow suit. Ransomware attacks are inevitable today and do not mean a company has failed,” said Brown. “If organisations are more open and transparent about attacks, we will be better able to share experiences, exchange ideas and pool intelligence.
“The cybercriminals collaborate to make their attacks more successful, so we must collaborate to make our defences stronger.”
Companies are generally advised against paying ransom demands because there is no guarantee the files will be returned and it funds a criminal enterprise. Security experts also urge organisations to keep regularly updated backups so they can get back up and running.
“No solution is perfect, and attackers will get into the enterprise if they are determined enough with the resources to back their efforts,” said Tony Cole, CTO at cybersecurity firm Attivo Networks.