{
	"id": "55ac4ed8-1cdc-4b67-8a0f-6fac4945c97b",
	"created_at": "2026-04-06T15:52:18.086749Z",
	"updated_at": "2026-04-10T03:24:30.294298Z",
	"deleted_at": null,
	"sha1_hash": "d5b4ca50ec6fe8868ebb54cca11bf694ebd763d3",
	"title": "Fujifilm confirms ransomware attack disrupted business operations",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1979551,
	"plain_text": "Fujifilm confirms ransomware attack disrupted business operations\r\nBy Lawrence Abrams\r\nPublished: 2021-06-04 · Archived: 2026-04-06 15:38:33 UTC\r\nToday, Japanese multinational conglomerate Fujifilm officially confirmed that they had suffered a ransomware attack earlier\r\nthis week that disrupted business operations.\r\nOn June 2, Fujifilm disclosed that they suffered a cyberattack but would not confirm if the attack was caused by\r\nransomware.\r\nHowever, in multiple conversations with Fujifilm employees, BleepingComputer learned that it was internally known that\r\nthe attack was caused by ransomware and that the company was forced to take down portions of its network worldwide.\r\nhttps://www.bleepingcomputer.com/news/security/fujifilm-confirms-ransomware-attack-disrupted-business-operations/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/fujifilm-confirms-ransomware-attack-disrupted-business-operations/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nAt approximately 10:0 AM EST on Tuesday, Fujifilm told employees to shut off their computers and all servers\r\nimmediately. Furthermore, the network outage prevented access to email, the billing system, and a reporting system.\r\nTo alert their customers, Fujifilm also added notifications to their websites warning customers about the disruption to their\r\nbusiness.\r\nNotification about cyberattack on Fujifilm website\r\nFujifilm confirms a ransomware attack\r\nToday, Fujifilm has released an updated statement that officially confirms that the attack was caused by ransomware\r\ndeployed on the night of June 1st, 2021.\r\nWe confirmed that the unauthorized access we recognized on the night of June 1, 2021 was ransomware.\r\nWe have confirmed that the scope of impact is limited to specific networks in the country.\r\nSince the range has been identified, from today, we are proceeding with the operation of servers and\r\npersonal computers that have been confirmed to be safe, and the networks that were blocked are also\r\nstarting communication in sequence.\r\nWhile it has not been disclosed what ransomware gang was behind the attack, it is believed to be the REvil ransomware\r\noperation.\r\nAdvanced Intel's Vitali Kremez told BleepingComputer that Fujifilm had recently been infected by the Qbot trojan, which is\r\ncurrently partnering with the REvil ransomware operation to provide remote access to compromised networks.\r\nUsing the remote access provided by the trojan, the REvil ransomware gang will infiltrate a network and spread slowly to\r\nother devices while stealing unencrypted data.\r\nOnce they gain access to a Windows domain administrator account and have harvested any data of value, they deploy the\r\nransomware throughout the system to encrypt devices.\r\nIf Fujifilm did not pay the ransom, we will know soon enough who was responsible, as the data will likely be released on a\r\nransomware data leak site as a further method to leverage a ransom payment.\r\nRansomware attacks see increased scrutiny\r\nWhile ransomware attacks have been a problem since 2012 and a target of numerous law enforcement operations in the past,\r\nthey have seen increased scrutiny recently after gangs targeted critical infrastructure, healthcare, and the food supply.\r\nLast month, the DarkSide ransomware operation attacked Colonial Pipeline, the largest US fuel pipeline. It led to a\r\nshutdown of the pipeline and a temporary shortage of gas in some states.\r\nAlso, last month, Ireland's HSE, the country's publicly funded healthcare system, and the Department of Health\r\nwere attacked by the Conti ransomware gang, leading to significant disruption in healthcare services.\r\nhttps://www.bleepingcomputer.com/news/security/fujifilm-confirms-ransomware-attack-disrupted-business-operations/\r\nPage 3 of 4\n\nMore recently, JBS, the world's largest meat producer, was attacked by the REvil ransomware operation, which led to the\r\ntemporary shut down of production sites. Today, JBS announced that they are back online and fully operational after\r\nrestoring from backups.\r\nAs most of the large ransomware operations are believed to be operated out of Russia, White House Press Secretary Jen\r\nPsaki said that President Biden would be discussing these attacks with Russian President Vladimir Putin at the June 16th\r\nGeneva summit.\r\n\"It will be a topic of discussion in direct, one-on-one discussions — or direct discussions with President Putin and President\r\nBiden happening in just a couple of weeks,\" Psaki said at the press briefing.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/fujifilm-confirms-ransomware-attack-disrupted-business-operations/\r\nhttps://www.bleepingcomputer.com/news/security/fujifilm-confirms-ransomware-attack-disrupted-business-operations/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/fujifilm-confirms-ransomware-attack-disrupted-business-operations/"
	],
	"report_names": [
		"fujifilm-confirms-ransomware-attack-disrupted-business-operations"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775490738,
	"ts_updated_at": 1775791470,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d5b4ca50ec6fe8868ebb54cca11bf694ebd763d3.pdf",
		"text": "https://archive.orkl.eu/d5b4ca50ec6fe8868ebb54cca11bf694ebd763d3.txt",
		"img": "https://archive.orkl.eu/d5b4ca50ec6fe8868ebb54cca11bf694ebd763d3.jpg"
	}
}