Japanese multi-national conglomerate, FUJIFILM, detected unauthorized access to some of its servers on June 1, 2021. This activity ultimately resulted in a full-blown ransomware attack.
The global manufacturing giant says on Friday, June 4, it confirmed that the impact of the unauthorized server access was confined to a specific network in Japan.
While FUJIFILM has not elaborated on the nature of the attack, experts in the space are suggesting it might have been a Qbot attack, traditionally a banking trojan virus designed to steal personal information. Cyber criminals initiate this virus using spam email campaigns.
What FUJIFILM Operations Did the Qbot Ransomware Affect?
The attack disabled emails, phone calls and prevented the company from accepting and processing orders. Preventatively and in order to determine the extent of the attack, FUJIFILM shut down all networks and servers, and suspended all affected systems.
FUJIFILM denied paying ransom because, based on their own findings of the attack, the hackers were unable to attain sensitive information. They decided to use backups to restore their operations.
A note about denying ransom: Only in a situation where an organization is confident enough that sensitive data was not stolen can it ignore a ransom request.
Once the threat was isolated and FUJIFILM determined no additional risk to other networks, servers and equipment it restored backups and brought all systems back online.
How Do I Prevent Cyberattacks Like This?
First of all, good for FUJIFILM for having their act together so they were able to isolate and eliminate the threat to the point of not paying ransom. Like at FUJIFILM, so many attacks like this begin with good email security.
In fact, one of the popular malware methods used by cybercriminal, REvil is a Qbot (or Qakbot). A Qbot makes its way into a network to steal sensitive data. Hackers activate a Qbot using email links and attachments.
Want to learn more about how to prevent a cyberattack?
Read More: How to Prevent Ransomware