Friday, June 04, 2021

NEW AGE PIRATES 
Potential ransomware attack: Fujifilm shuts down systems, warns partners worldwide
2 Jun, 2021 


Photo / 123RF

By: Chris Keall

Business writer, NZ Heraldchris.keall@nzherald.co.nz@ChrisKeall

Japanese giant Fujifilm has taken all of its servers and PCs offline after a suspected ransomware attack.

The multinational is best known as a maker of cameras and film - and more, recently, kiosks in malls and pharmacies for DIY digital photo printing - but also makes high tech medical gear including devices for rapid processing of Covid-19 tests.

Read More
Why are our defences so shaky? The Waikato ransomware attack in 20 questions

A message sent to local partner around 4am NZT this morning says, "FUJIFILM Corporation in Tokyo became aware of the possibility of a ransomware attack, which has already infected multiple PCs and servers in Japan."

Systems were being closed down out of "an abundance of caution".

"Fujifilm will be turning off our network and server environment and will therefore not be able to receive and fulfill orders," the email says.

"We appreciate that this has a big impact on business today, but at this moment it is not clear how long this situation will continue."

The local partner told the Herald that the only way to contact the company was by phone. Fujifilm's NZ operation did not immediately respond to a request for comment by phone.

This morning, Crown agency Cert NZ released its latest quarterly report, showing another increase in financial harm caused by cyberattacks.

Ransomware hackers have gone after larger targets in 2021, with recent victims including giant meat processor JBS, supplier of around a fifth of US beef, the Colonial Pipeline (supplier of around 20 per cent of fuel to the US East Coast), Canon and, at home, the Waikato DHB, which continues to grapple with the aftermath of a May 18 attack

Possible Fujifilm ransomware attack reportedly linked to REvil

Biden administration releases ambitious cyber security executive order

Possible Fujifilm ransomware attack reportedly linked to REvil

The potential of a ransomware attack was identified on 1 June.
Sasha Karen (ARN)04 June, 2021 

Credit: Photo 20901106 © Tomasz Bidermann | Dreamstime.com

Fujifilm Corporation has shut down parts of its global network and servers due to a potential ransomware attack.

The Tokyo-headquartered digital imaging and medical technology equipment specialist said on 2 June (local time) that it was investigating unauthorised access to its servers and has shut down and disconnected its network from external sources as a precautionary measure.

“In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack," Fujifilm said in a statement. “As a result, we have taken measures to suspend all affected systems in coordination with our various global entities.”

According to Bleeping Computer, Fujifilm was infected with the Qbot trojan in May, which has been linked to the Russian cyber criminal group REvil. Advanced Intel CEO Vitali Kremez told the publication that Fujifilm's systems were hit by the 13-year-old Trojan, typically initiated by phishing, last month.

REvil, also known as Sodinokibi, reportedly hit Acer with a US$50 million ransom after attacking it in March, and was this week was linked to an attack on American meat supplier JBS, which also has operations in Australia.

Fujifilm Business Innovation — the company previously known as Fuji Xerox that operates across the printers and documents, cloud, artificial intelligence and the internet of things (IoT) sectors — was unaffected by the potential attack due to using different servers and networks.

At least one Fujifilm regional arm that was temporarily shut down was its Americas operations, with a notice on its US website claiming that it found no impact on its network or servers in the region after an initial investigation.

As a result, its systems have been brought back online on 3 June, with business in the region to become fully operational by 4 June.

A similar statement on its UK website claims that, for some of its entities, the potential attack has impacted all forms of communications, including emails and incoming calls, which come through its network systems.

No comments: