Japanese multinational group Fujifilm says it has resumed normal business and customer activity following a ransomware attack that forced it to shut down its entire network on June 4.
About 10:00 a.m. EST, Fujifilm asked employees to immediately shut down their computers and all servers on the network after a continuous network outage that prevented access to the company's emails and systems.
Although in most ransomware attacks, threatening agents exfiltrate the data before encrypting the victims' systems, Fujifilm said that "investigations that have been completed so far have found no leaks to the outside world."
The ransomware attack
While Fujifilm did not disclose the name of the ransomware company that managed to break into its network and shut it down on June 4, Advanced Intel CEO Vitali Kremez told BleepingComputer that some of the company's systems were infected with the Qbot trojan .
Qbot trojan operators have a long history of working with ransomware gangs, giving them remote access to previously infected networks.
The ProLock ransomware groups and Egregor They are known to have worked with Qbo in the past, but once those companies close, REvil is the new ransomware gang that uses botnet to gain access to victims' networks.
Although these are just theories at the moment, we will know more information soon as to who was behind the attack, as well as if data was stolen in the attack, as it will most likely circulate on a ransomware leak site and be used as leverage for to force Fujifilm to pay a ransom.
The Japanese multinational group FujiFilm based in Tokio reported revenue of $ 20,1 billion in 2020 and employs 37.151 people worldwide.
FujiFilm started with optical films and cameras and has expanded into other areas of activity, such as pharmaceuticals, storage devices and photocopiers and printers (XEROX).
Source of information: bleepingcomputer.com