Today, Japanese multinational conglomerate Fujifilm officially confirmed that they had suffered a ransomware attack earlier this week that disrupted business operations.
On June 2, Fujifilm disclosed that they suffered a cyberattack but would not confirm if the attack was caused by ransomware.
However, in multiple conversations with Fujifilm employees, BleepingComputer learned that it was internally known that the attack was caused by ransomware and that the company was forced to take down portions of its network worldwide.
At approximately 10:0 AM EST on Tuesday, Fujifilm told employees to shut off their computers and all servers immediately. Furthermore, the network outage prevented access to email, the billing system, and a reporting system.
To alert their customers, Fujifilm also added notifications to their websites warning customers about the disruption to their business.
Fujifilm confirms a ransomware attack
Today, Fujifilm has released an updated statement that officially confirms that the attack was caused by ransomware deployed on the night of June 1st, 2021.
We confirmed that the unauthorized access we recognized on the night of June 1, 2021 was ransomware.
We have confirmed that the scope of impact is limited to specific networks in the country.
Since the range has been identified, from today, we are proceeding with the operation of servers and personal computers that have been confirmed to be safe, and the networks that were blocked are also starting communication in sequence.
While it has not been disclosed what ransomware gang was behind the attack, it is believed to be the REvil ransomware operation.
Advanced Intel’s Vitali Kremez told BleepingComputer that Fujifilm had recently been infected by the Qbot trojan, which is currently partnering with the REvil ransomware operation to provide remote access to compromised networks.