FUJIFILM Corporation confirmed the company suffered a ransomware attack that disrupted its business operations. In the late evening of June 1, 2021, the company shut down all networks and servers to determine the extent and scale of the attack, and suspended all affected systems in coordination with their various global entities.
According to a statement, the company has been investigating the unauthorized access to its server from outside of the company, and has established a Special Task Force, including external experts. FUJIFILM confirmed that the impact of unauthorized access is confined to a specific network in Japan.
"We will continue to take all necessary measures to serve our customers and business partners in a secure way. We sincerely apologize to our customers and business partners for the inconvenience this has caused," the statement says.
As of June 4, the company started to bring the network, servers, and computers confirmed safe back into operation and has reported the incident to relevant government authorities and the police.
Hitesh Sheth, President and CEO at Vectra, a San Jose, Calif.-based AI cybersecurity company, explains, "In the Fujifilm attack, we see yet another critical infrastructure compromise. Fujifilm is a critical provider of processing technology for COVID-19 tests, so this hurts global public health efforts. Strategic attacks on large systems key to maintaining quality of life at scale – fuel, food, transport, now health – are accumulating on nearly a daily basis. Connect the dots; this concerted threats to everyday living that demand an even more concerted defense."
A new aspect of ransomware attacks seems to establish itself, which is the ‘out of an abundance of caution’ notion, says Dirk Schrader, Global Vice President, Security Research at New Net Technologies (NNT), a Naples, Fla.-based provider of cybersecurity and compliance software. "Companies detecting a likely ransomware attack are shutting down entire global IP networks, which is a tell-tale for the structure of those and the trust the companies have in their abilities to detect a potential attack early and to contain it within certain parts of their networks, to limit its spread. Security professionals have heard this statement, ‘we operate a rather flat network’, facing the issue of managing, of improving the security such a setup with their limited resources. It is also an indicator of the old ‘fortify the parameter’ paradigm still being widely in use."