Fujifilm, the Japanese film company that somehow survived (and then thrived) amidst the digital photography revolution, would appear to be the latest victim in a recent blitz of ransomware attacks. The firm has announced that it’s investigating the “possibility of a ransomware attack,” while noting that it was still working to determine “the extent and the scale” of the incident.
“FUJIFILM Corporation is currently carrying out an investigation into possible unauthorised access to its server from outside of the company,” it said in a statement Wednesday. “As part of this investigation, the network is partially shut down and disconnected from external correspondence,” the company further stated, while noting it had suspended “all affected systems in coordination with our various global entities.”
While it’s not yet clear who the culprits behind the attack are, Advanced Intel CEO Vitali Kremez told Bleeping Computer that the incident was preceded by a Qbot infection affecting the company’s systems. Qbot (also known by its alternative nicknames “Qakbot and Pinkslipbot,”) is a banking trojan used to steal personal and financial information. Historically speaking, Qbot’s proprietors are known to collaborate with ransomware gangs in order to carry out larger attacks.
“Based on our unique threat prevention platform Andariel, FUJIFILM Corporate appeared to be infected with Qbot malware based on May 15, 2021,” Kremez told the outlet. “Since the underground ransomware turmoil, the Qbot malware group currently works with the REvil ransomware group.”
When he talks about “turmoil,” Kremez is referencing a recent shakeup within the cybercrime ecosystem that was largely spurred by fallout from the Colonial Pipeline attack. In essence, Colonial was such a big attack that it finally encouraged governments to take action against criminal groups, which, in turn, encouraged said groups to shift their tactics and allegiances in an effort to evade the heat. Regardless of these changes, Colonial does not appear to have slowed down the ransomware industry at all. If anything, the attacks over the past few weeks seem increasingly brazen.
In the ransomware world, REvil has stood out for some of its more high-profile attacks — including ones involving an elite Hollywood law firm, Acer Computers, and Apple supplier Quanta. REvil is also believed to be the main culprit behind the JBS attack.
We have reached out to Fujifilm for further comment and will update this story when we hear back.