Fujifilm said it was investigating the ransomware damage on June 2nd. The work to ascertain the extent and extent of the damage is still ongoing. The company said that it is investigating the suspicion of unauthorized access from the outside to the server it uses, and said that it is blocking some networks and stopping external communication for the investigation.
It was confirmed that there was a ransomware attack at midnight on June 1, 2021, and the affected servers and PCs were stopped and the network was blocked. We confirmed that the unauthorized access recognized on June 1 was ransomware, and confirmed whether the scope of impact was limited to a specific network in Korea.
The attacker has not yet been identified, but experts say the Fujifilm system was infected with Qbot before the incident. Qbots are banking Trojans used to steal personal or financial information. Fujifilm appears to have been infected with the Qbot malware on May 15, and it is analyzed that the Qbot-related malicious group is cooperating with REvil.
Due to the influence of the Colonial Pipeline, which was forced to close for five days in the United States, governments around the world are changing their countermeasures against criminal groups. Despite these changes, the ransomware momentum is not waning. Rather, the attack seems to be becoming more daring. Revel begins to attack high-profile companies such as law firms, Acer, and Apple’s partner Quanta. It is also said to be involved in the attack on meat processing company JBS. Related information can be found here.