On 4th of June 2021, the Japanese multinational conglomerate Fujifilm released a statement confirming that they had suffered a ransomware attack on the 1st of June which disrupted business operations.
The ransomware attack was discovered when FujiFilm started an investigation into an incident of unauthorized access that had occurred in the late evening of the 1st of June. When they concluded the attack was ransomware, the company was forced to shut down parts of its global network to reduce the spread and impact of the ransomware.
The shutdown impacted the running of business as the shutdown had prevented access to email, the billing system, and a reporting system. Therefore, Fujifilm added notices to their websites warning customers that it is currently experiencing problems affecting all forms of communications, including emails and incoming calls.
Even though FujiFilm has not disclosed what ransomware gang was behind the attack, it is believed to be the REvil ransomware group who are behind the attack as there is evidence that Fujifilm had recently been infected by the Qbot banking trojan, which is known to have been partnered with the REvil ransomware group at the time of the attack, to help provide the threat actors with remote access that is used to laterally move through victims’ networks.