Security

Fujifilm Becomes the Latest Victim of a Network-Crippling Ransomware Attack (techcrunch.com) 39

Japanese multinational conglomerate Fujifilm has been forced to shut down parts of its global network after falling victim to a suspected ransomware attack. From a report: The company, which is best known for its digital imaging products but also produces high-tech medical kit, including devices for rapid processing of COVID-19 tests, confirmed that its Tokyo headquarters was hit by a cyberattack on Tuesday evening. "Fujifilm Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence," the company said in a statement posted to its website. "We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities," it said.
  • Time to stop tiptoe-ing around these asshats and their enablers.

    • by The New Guy 2.0 ( 3497907 ) on Thursday June 03, 2021 @01:29PM (#61451154)

      Really, this is enabled by crypto's anonymity letting them launder ill-gotten gains. About time somebody hacked down Bitcoin.

      • And how do you do that, exactly? Tell every country, including Russia, to ban exchanges? Yeah right.

        Even easier would be to make it illegal to pay the ransom by applying criminal sanctions (up to and including jail time) against anybody involved in paying the ransom.

        • And how do you do that, exactly? Tell every country, including Russia, to ban exchanges? Yeah right.

          The easy way is to take the wind out of crypto. In the US and most other countries financial firms have to obey KYC. Just declare bitcoin isn't compliant with that in any form and any transaction using those technologies can be forfeited with the financial services company on the hook. That would more or less kill it.

          • Bitcoin exchanges don't have to be compliant with that. Besides, some of the bigger banks out there, like HSBC, basically ignore that. The US keeps hitting them with big fines, then they promise they'll be better next time, only to do it yet again.

  • by CaptainDork ( 3678879 ) on Thursday June 03, 2021 @01:00PM (#61451046)

    ... and become cyber-secure when you mature.

  • by oldgraybeard ( 2939809 ) on Thursday June 03, 2021 @01:02PM (#61451052)
    maybe someday, these corps will secure their network resources properly.
    • Re: (Score:3, Funny)

      I figured out a better solution: Just send wave after wave of cash at the ransomers until they are all living on private islands, buried under too many super models to reach their keyboards.

  • Cuz you know, the attacks never come from anywhere else...

  • Think of the children!
  • Uh, why isn't there an antimalware solution to this?

    • by guruevi ( 827432 )

      There is, people just choose not to implement it.

      • What is it?

        • Backups, bro. Backups.
          • by PPH ( 736903 )

            What good do backups do if the malware is slipped into your system and then lies dormant for weeks? Or months? Restore to some point before the intrusion, but that might only recover tainted documents. All will look well until they start chewing through your servers again.

            • Tainted documents? Do you mean encrypted documents?

              If it took months to encrypt all the documents on your network, it would be detected and stopped. It may spread or lie dormant for months but the actual taint usually occurs quickly. Often overnight or on a weekend.
              • by PPH ( 736903 )

                No. I mean tainted documents. Or whatever is attached to the incoming e-mail (or whatever). The attacker sends an executable attached to some e-mail. It installs itself in various systems but then sits there and does nothing. Maybe for weeks or months. Then it wakes up, encrypts your stuff and you get hit up for payment. So you say, "No problem. We'll just restore from a backup." But the contaminated content with the executable may have been in your system through several backup cycles. And if you revert to

            • Well, I'm sorry I have to spell it out for you, but "what good" they do is when you restore the files from before the ransomware attack. If your admin was smart and following a simple structured backup plan, then you'd have backups with different frequency & retention levels and you'd go back far enough that you could find the unadulterated copies of the files you wanted. Derp.
        • Pretty much anything modern should be able to detect malware that starts encrypting the drive. You need the solution not just at the endpoints but also in the network and at the edge so it can detect anomalies and shut down parts of your network. These solutions can also "detonate" any unrecognized piece of software in a VM and within seconds they know what it can do.

          All the big names have some solution for the enterprise, they all implement some countermeasures.

          Additionally you need backups and

    • When WannaCry went through the first time, it was asserted no sites running Avast fell victim.
    • Zero day hacks.
      And look up how antimalware identifies malware.
      If someone rebuilds the payload (with tweaks) just for you then no antimalware is going to stop it.
  • That's an honest question. Is it trojans - malicious E-Mail attachments that unsuspecting internal users open? Insecure external access to internal networks? Hacked private clients? Bad security policies? ... Is it really dimwit security neglected by corporate deciders ignoring the experts or is this l33+ h4XXors finding new ways to breach hitherto unknown holes? Does anyone have any details on one of these recent ransomware events and can perhaps offer some insight?

    I don't run a corporate network but I know

    • It's an initial failure, followed by an abuse of chains of trust. Malicious document gets downloaded, and then Windows trusts that Word is allowed to interact with the Scheduled Tasks API, which is trusted to launch PowerShell, which is trusted to download further content from the Internet, which is trusted to extract saved credentials, which are trusted by other computers on the network, and so on.

      Once enough administrative control is established on the network, any active security services are crippled
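
The trust chain described in the comment above (Word, then the Scheduled Tasks API, then PowerShell) expressed as detection logic. This is an added example, not part of the original thread; the event records are constructed and simplified, and their field names are assumptions rather than a real log schema.

```python
# Constructed, simplified telemetry (hypothetical field names, not a real schema).
EVENTS = [
    {"type": "proc", "pid": 100, "ppid": 1, "image": "explorer.exe", "cmd": "explorer.exe"},
    {"type": "proc", "pid": 200, "ppid": 100, "image": "winword.exe", "cmd": "winword.exe invoice.docm"},
    {"type": "task", "pid": 200, "name": "Updater", "action": "powershell.exe -File C:\\Users\\Public\\u.ps1"},
    {"type": "proc", "pid": 50, "ppid": 1, "image": "svchost.exe", "cmd": "svchost.exe -k netsvcs -s Schedule"},
    {"type": "proc", "pid": 300, "ppid": 50, "image": "powershell.exe", "cmd": "powershell.exe -File C:\\Users\\Public\\u.ps1"},
    {"type": "proc", "pid": 400, "ppid": 100, "image": "powershell.exe", "cmd": "powershell.exe Get-Date"},
    {"type": "proc", "pid": 500, "ppid": 200, "image": "cmd.exe", "cmd": "cmd.exe /c whoami"},
]

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def office_ancestor(pid, procs):
    """Return the Office image found at or above pid in the process tree, else None."""
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        if procs[pid]["image"] in OFFICE:
            return procs[pid]["image"]
        pid = procs[pid]["ppid"]
    return None

def detect(events):
    """Flag Office-rooted interpreters, including ones relaunched via a scheduled task."""
    procs, tainted_actions, alerts = {}, {}, []
    for ev in events:
        if ev["type"] == "task":
            # A task registered from inside an Office process tree taints its action.
            origin = office_ancestor(ev["pid"], procs)
            if origin:
                tainted_actions[ev["action"].lower()] = (origin, ev["name"])
                alerts.append(("office-registers-task", origin, ev["name"]))
            continue
        procs[ev["pid"]] = ev
        if ev["image"] not in INTERPRETERS:
            continue
        origin = office_ancestor(ev["ppid"], procs)
        if origin:
            alerts.append(("office-spawns-interpreter", origin, ev["cmd"]))
        elif ev["cmd"].lower() in tainted_actions:
            # The scheduler service is the parent here, so ancestry alone misses it.
            origin, name = tainted_actions[ev["cmd"].lower()]
            alerts.append(("office-task-runs-interpreter", origin, name))
    return alerts
```

The PowerShell started by the scheduler has no Office ancestor, which is why the task registration has to be correlated with the later process start; the interactive `Get-Date` session launched from `explorer.exe` is not flagged.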
  • About 99% of these could be prevented by not using MS Windows, where the overwhelming majority of attacks are targeted, and second by having backups of the encrypted data being ransomed. If you have no backups, you are a fucking moron. That is most certainly NOT an IT "best-practice". It's hard to feel sorry for a bunch of Windows weasels who can't be bothered to do backups.
    • About 99% of these could be prevented by not using MS Windows, where the overwhelming majority of attacks are targeted

      True, but only initially. If everyone switched to Linux then all the attacks would target Linux, and we would see the same penetration as we do in Windoze.
      At least with Windoze there are only a few versions of the operating system to update; if it was Linux it would be untold versions of the operating system spread across how many devices and microwaves and calculators. In an odd way we

      • by Luthair ( 847766 )
        There is a perfectly reasonable one for the IT staff - they may not have been given the time & resources to perform these tasks.
        • I feel it. I've been in that position myself. However, the business/operations cannot blame IT if they aren't given the resources. Someone, somewhere *did* make that call, and it's on them 100%.
