{ "id": "c3ca25dd-13d4-4d53-9a90-b35e7bd9174a", "created_at": "2026-04-06T00:06:43.967777Z", "updated_at": "2026-04-10T03:34:54.469514Z", "deleted_at": null, "sha1_hash": "391778f69ed2531fd1b39610da97b319c036a6e0", "title": "FUJIFILM shuts down network after suspected ransomware attack", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2309237, "plain_text": "FUJIFILM shuts down network after suspected ransomware attack\r\nBy Lawrence Abrams\r\nPublished: 2021-06-02 · Archived: 2026-04-05 13:01:43 UTC\r\nFujiFilm is investigating a ransomware attack and has shut down portions of its network to prevent the attack's spread.\r\nFujiFilm, also known as just Fuji, is a Japanese multinational conglomerate headquartered in Tokyo, Japan, which initially\r\nstarted in optical film and cameras. It has grown to include pharmaceuticals, storage devices, photocopiers and printers\r\n(XEROX), and digital cameras.\r\nFUJIFILM earned $20.1 billion in 2020 and has 37,151 employees worldwide.\r\nhttps://www.bleepingcomputer.com/news/security/fujifilm-shuts-down-network-after-suspected-ransomware-attack/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/fujifilm-shuts-down-network-after-suspected-ransomware-attack/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nIf you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal\r\nat +16469613731 or on Wire at @lawrenceabrams-bc.\r\nLikely ransomware attack\r\nToday, FUJIFILM announced that their Tokyo headquarters suffered a cyberattack Tuesday night that they indicate is\r\na ransomware attack.\r\n\"FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from\r\noutside of the company. As part of this investigation, the network is partially shut down and disconnected from external\r\ncorrespondence,\" FUJIFILM said in a statement.\r\n\"We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1,\r\n2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all\r\naffected systems in coordination with our various global entities.\"\r\n\"We are currently working to determine the extent and the scale of the issue. We sincerely apologize to our customers and\r\nbusiness partners for the inconvenience this has caused.\"\r\nDue to the partial network outage, FUJIFILM USA has added an alert to the top of their website stating that they are\r\nexperiencing network problems that are impacting their email and phone systems.\r\nAlert about cyberattack on FUJIFILM USA website\r\nWhile FUJIFILM has not stated what ransomware group is responsible for the attack, Advanced Intel CEO Vitali Kremez\r\nhas told BleepingComputer that FUJIFILM was infected with the Qbot trojan last month.\r\n\"Based on our unique threat prevention platform Andariel, FUJIFILM Corporate appeared to be infected with Qbot malware\r\nbased on May 15, 2021,\" Kremez told BleepingComputer. \"Since the underground ransomware turmoil, the Qbot malware\r\ngroup currently works with the REvil ransomware group.\"\r\n\"A network infection attributed to QBot automatically results in risks associated with future ransomware attacks.\"\r\nThe operators of the Qbot trojan have a long history of working with ransomware operations to provide remote access to\r\ncompromised networks.\r\nIn the past, the ProLock and Egregor ransomware gangs partnered with Qbot, but with the shutdown of those operations, the\r\nREvil ransomware operation has been utilizing the botnet.\r\nWhile ransomware has been active since 2012, it has recently gained worldwide attention after the attacks on Colonial\r\nPipeline, the US's largest fuel pipeline, and the world's largest beef producer, JBS.\r\nThe US government has created a ransomware task force to recommend new policies and guidelines for battling the growing\r\nthreat.\r\nhttps://www.bleepingcomputer.com/news/security/fujifilm-shuts-down-network-after-suspected-ransomware-attack/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/fujifilm-shuts-down-network-after-suspected-ransomware-attack/\r\nhttps://www.bleepingcomputer.com/news/security/fujifilm-shuts-down-network-after-suspected-ransomware-attack/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "references": [ "https://www.bleepingcomputer.com/news/security/fujifilm-shuts-down-network-after-suspected-ransomware-attack/" ], "report_names": [ "fujifilm-shuts-down-network-after-suspected-ransomware-attack" ], "threat_actors": [ { "id": "838f6ced-12a4-4893-991a-36d231d96efd", "created_at": "2022-10-25T15:50:23.347455Z", "updated_at": "2026-04-10T02:00:05.295717Z", "deleted_at": null, "main_name": "Andariel", "aliases": [ "Andariel", "Silent Chollima", "PLUTONIUM", "Onyx Sleet" ], "source_name": "MITRE:Andariel", "tools": [ "Rifdoor", "gh0st RAT" ], "source_id": "MITRE", "reports": null }, { "id": "110e7160-a8cc-4a66-8550-f19f7d418117", "created_at": "2023-01-06T13:46:38.427592Z", "updated_at": "2026-04-10T02:00:02.969896Z", "deleted_at": null, "main_name": "Silent Chollima", "aliases": [ "Onyx Sleet", "PLUTONIUM", "OperationTroy", "Guardian of Peace", "GOP", "WHOis Team", "Andariel", "Subgroup: Andariel" ], "source_name": "MISPGALAXY:Silent Chollima", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "bc6e3644-3249-44f3-a277-354b7966dd1b", "created_at": "2022-10-25T16:07:23.760559Z", "updated_at": "2026-04-10T02:00:04.741239Z", "deleted_at": null, "main_name": "Andariel", "aliases": [ "APT 45", "Andariel", "G0138", "Jumpy Pisces", "Onyx Sleet", "Operation BLACKMINE", "Operation BLACKSHEEP/Phase 3.", "Operation Blacksmith", "Operation DESERTWOLF/Phase 3", "Operation GHOSTRAT", "Operation GoldenAxe", "Operation INITROY/Phase 1", "Operation INITROY/Phase 2", "Operation Mayday", "Operation VANXATM", "Operation XEDA", "Plutonium", "Silent Chollima", "Stonefly" ], "source_name": "ETDA:Andariel", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "a2b92056-9378-4749-926b-7e10c4500dac", "created_at": "2023-01-06T13:46:38.430595Z", "updated_at": "2026-04-10T02:00:02.971571Z", "deleted_at": null, "main_name": "Lazarus Group", "aliases": [ "Operation DarkSeoul", "Bureau 121", "Group 77", "APT38", "NICKEL GLADSTONE", "G0082", "COPERNICIUM", "Moonstone Sleet", "Operation GhostSecret", "APT 38", "Appleworm", "Unit 121", "ATK3", "G0032", "ATK117", "NewRomanic Cyber Army Team", "Nickel Academy", "Sapphire Sleet", "Lazarus group", "Hastati Group", "Subgroup: Bluenoroff", "Operation Troy", "Black Artemis", "Dark Seoul", "Andariel", "Labyrinth Chollima", "Operation AppleJeus", "COVELLITE", "Citrine Sleet", "DEV-0139", "DEV-1222", "Hidden Cobra", "Bluenoroff", "Stardust Chollima", "Whois Hacking Team", "Diamond Sleet", "TA404", "BeagleBoyz", "APT-C-26" ], "source_name": "MISPGALAXY:Lazarus Group", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "771d9263-076e-4b6e-bd58-92b6555eb739", "created_at": "2025-08-07T02:03:25.092436Z", "updated_at": "2026-04-10T02:00:03.758541Z", "deleted_at": null, "main_name": "NICKEL HYATT", "aliases": [ "APT45 ", "Andariel", "Dark Seoul", "Jumpy Pisces ", "Onyx Sleet ", "RIFLE Campaign", "Silent Chollima ", "Stonefly ", "UN614 " ], "source_name": "Secureworks:NICKEL HYATT", "tools": [ "ActiveX 0-day", "DTrack", "HazyLoad", "HotCriossant", "Rifle", "UnitBot", "Valefor" ], "source_id": "Secureworks", "reports": null } ], "ts_created_at": 1775434003, "ts_updated_at": 1775792094, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/391778f69ed2531fd1b39610da97b319c036a6e0.pdf", "text": "https://archive.orkl.eu/391778f69ed2531fd1b39610da97b319c036a6e0.txt", "img": "https://archive.orkl.eu/391778f69ed2531fd1b39610da97b319c036a6e0.jpg" } }