Ransomware Attack on FujiFilm

From Fujifilm becomes the latest victim of a network-crippling ransomware attack – TechCrunch &
Fujifilm Shuts Down Network After Suspected Ransomware Attack

"Fujifilm, which is best known for its digital imaging products but also produces high-tech medical kit, including devices for rapid processing of COVID-19 tests, confirmed that its Tokyo headquarters were hit by a cyberattack earlier this week. It is suspected to be a ransomware attack.

Fujifilm stated, “FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence”.

The company said it has been aware of the possibility of a ransomware attack since the late evening of June 1, 2021, and that they have taken steps to suspend all affected systems.

Fujifilm apologized for the inconvenience to customers and business partners.

Due to the partial network outage, Fujifilm USA has posted a notice at the top of the website indicating that there are network issues affecting the email and phone system.

Author still unknown

While Fujifilm did not confirm the ransomware organization responsible for the attack, Advanced Intel CEO Vitali Kremez said that the company was affected by the Qbot virus last month.

The creators of the Qbot Trojan have a long history of working with ransomware to provide remote access to affected networks.

Initial forensic analysis suggests that the ransomware attack on Fujifilm started with the Qbot trojan infection some time last month, which gave hackers a foothold in the company’s systems with which to deliver the secondary ransomware payload.
Most recently, the Qbot trojan has been actively exploited by the REvil hacking collective, and it seems highly plausible that the Russian-based hackers are behind this cyberattack. REvil, also known as Sodinokibi, not only encrypts a victim’s files but also exfiltrates data from their network.

The hackers typically threaten to publish the victim’s files if their ransom isn’t paid. But a site on the dark web used by REvil to publicize stolen data appeared offline at the time of writing so it was not possible to verify if FujiFilm has suffered this fate.


Ransomware attacks are becoming ever more common in the heathcare (and other) spheres. All PACS Teams and Radiology Modality Leads (Superintendents) should really now have some form of plan for mitigation of hacking attempts on our equipment and have briefed department staff on what to do in the event of an outbreak. In an outbreak the situation moves quickly and without a plan significant disruption to patient care and costly damage will occur - we learned this once in Conficker and once again in WannaCry. HSE Ireland is also still affected right now.

Very few companies can defend entirely against state funded attacks and so no negativity should be implied towards Fujifilm for shutting down their networks - we need to all learn from what happened to them (and HSE Ireland!) to shore up our own defences. Once you become a hackers target, it’s very difficult to escape - it could have been any of a multitude of other companies or hospitals attacked.

Once again: no reflection on them, Fujifilm has just been the latest target in the world of these sophisticated attacks. Hopefully they will candidly share their findings to educate us all.

This kind of thing is becoming the new ‘normal’.

Thanks for sharing this @alex.

Do we know if this had had my impact in the UK? Have Fuji issues any guidance of actions we need to be aware of?

1 Like

Generally ransomware doesn’t do ‘targets’ as such. Its all about random. If you haven’t been hit already (at least to some level) you’d be one of the few. Beware the advice that email hygiene is the key. Its important but I came across an org that was hit (hard) after an exploit came in through email. In terms of hygiene:

  1. email was from a known source
  2. It was expected after a telephone conversation earlier in the morning, and formatted as expected.
  3. It past through 3 different anti-malware filters.
  4. If the org had a formal hygiene education process (it didn’t), the person who clicked on the PDF would have been the one selected to lead the education.

Lets be careful out there. (apols to anyone not old enough to remember Hill Street Blues)

1 Like