Cyber Attackers Faced a Denial After Fujifilm Refused to Pay Ransom

 


Earlier this month, on Wednesday 2nd June, Japanese conglomerate Fujifilm published a short statement disclosing unauthorized access to its server by outside parties. Fujifilm, which was formerly known for selling photographic film but today develops biotechnology, chemicals, and digital imaging devices, detected the unauthorized entry on 01 June.

The company restored operations from backups, and its PR systems are now fully operational in the United States, Europe, the Middle East, and Africa and back to business as usual, according to a Fujifilm spokesperson.

However, details such as the ransomware strain, the delivery channel, the scale of the damage, and the ransom demanded by the gang have not been disclosed. The corporation has not responded to a request for comment from Information Security Media Group.

Chloe Messdaghi, an independent cybersecurity disruption consultant and researcher, says Fujifilm apparently “took the first responsible steps of recognizing the situation and systematically shutting all systems down to examine the attack. There may have been some hiccups and bumps, but because they had done the solid work of ensuring their data backups and restoration processes were current, they were able to decline to pay extortion and their disruption to business was minimal.” 

The cyber security, risk, and intelligence consultancy S-RM estimates that 46% of all cyber attacks between January 1, 2021, and March 31, 2021, were ransomware attacks.

Colonial Pipeline, the meat processing company JBS, and the D.C. Metro Police Department have been the victims of some of the largest recent attacks in the U.S.

In the wake of the attacks, the White House called on companies to enhance their cybersecurity. According to reports, President Joe Biden ordered a federal task committee to probe ransomware.

Other organizations that were recently hit by ransomware but declined to pay include CD Projekt Red; Ireland's state health service provider, the Health Service Executive; Canon; and Bose. Meanwhile, Colonial Pipeline Co., which paid $4.3 million to DarkSide in May for a flawed decryptor, was one of the ransomware victims that decided to pay its attackers. The U.S. Department of Justice then recovered bitcoins from that payment valued at 2.3 million dollars.

The U.S. subsidiaries of JBS in Brazil, the biggest meat processor in the world, recently paid REvil's attackers an 11 million dollar ransom in exchange for a decryption tool and a "guarantee" against release by the attackers.

The FBI has urged the victims to not pay the ransom and said, “Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.” 

Charlie Miller, senior consultant at the risk management research organization Shared Assessments, says the key elements of a ransomware risk management program are upgrading the risk response plan, establishing a data boot to enable malware-free data recovery, offering corporate managers cyber-attack simulation programs to help evaluate and respond to risk, and purchasing cyber insurance.

Business Operation Gets Shut Down as FujiFilm Suffers An Attack

 

On Wednesday 2nd June, Fujifilm released a short statement disclosing unauthorized access to its server by outside parties. However, it did not specify whether the ransomware used in the attack had been identified, whether any information was exfiltrated from its network, or whether the attackers approached the company for a ransom.

Earlier, on 4th June, Japan's global Fujifilm group formally announced that a possible ransomware attack earlier in the week had impacted corporate operations.

“FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence,” stated Fujifilm. 

Conversations with Fujifilm employees, however, indicated that internally ransomware was believed to be responsible for the attack and that the business had to disconnect parts of its network around the world.

At roughly 10:00 AM EST on Tuesday, Fujifilm advised its staff to shut down their laptops and all other servers immediately. The network outage also cut off access to email, the billing system, and the reporting system. Fujifilm has also added a warning to alert its customers to the disruption of its operations.

Although the ransomware gang behind the attack has still not been named, the REvil ransomware operation is thought to be responsible. The REvil ransomware gang infiltrates a network and steadily spreads to other machines while collecting unencrypted data through the remote access that the trojan provides.

Once they gain access to a domain admin account in the Windows domain and have collected anything of value, they can use the ransomware to encrypt devices across the network.

Last month, the DarkSide ransomware operation targeted the largest US petroleum pipeline, the Colonial Pipeline, causing the pipeline to be shut down in certain states.

Last month, the Conti ransomware group attacked the HSE, the public health service in Ireland, and the Department of Health, leading to a major disturbance in health care services. 

"It will be a topic of discussion in direct, one-on-one discussions — or direct discussions with President Putin and President Biden happening in just a couple of weeks," Psaki said at the press briefing.

FujiFilm Shuts Down Network Following Ransomware Attack

 

Japanese multinational conglomerate FujiFilm, headquartered in Tokyo, suffered a ransomware attack on Tuesday night. As a precautionary measure, the company has shut down portions of its network to prevent the attack from spreading.

"FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence," the company said in a statement.

FujiFilm is renowned for its digital imaging products but also produces high-tech medical kits, including devices for the rapid processing of COVID-19 tests. Due to the partial network outage, FUJIFILM USA has added a notice to its website stating that it is currently experiencing network problems impacting its email and phone systems. 

“We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities. We are currently working to determine the extent and the scale of the issue. We sincerely apologize to our customers and business partners for the inconvenience this has caused,” FujiFilm further added. 

Threat hunting and cyber intelligence firm Group-IB estimated that the number of ransomware attacks grew by more than 150% in 2020 and that the average ransom demand increased more than twofold to $170,000.

While FUJIFILM has not stated what ransomware group is responsible for the attack, Advanced Intel CEO Vitali Kremez has told BleepingComputer that FUJIFILM was infected with the Qbot trojan last month.

"Based on our unique threat prevention platform Andariel, FUJIFILM Corporate appeared to be infected with Qbot malware based on May 15, 2021. Since the underground ransomware turmoil, the Qbot malware group currently works with the REvil ransomware group. A network infection attributed to QBot automatically results in risks associated with future ransomware attacks," Kremez told BleepingComputer.

Last week, hackers targeted Japanese government organizations and gained access to the company's project management platform, which resulted in data leaks from various government offices. One ministry had at least 76,000 email addresses exposed, including those belonging to individuals outside of the ministry.