Firewall Firm is a Managed Cyber Security Company in India
Home » Tag: cyber intelligence

Tag Archives: cyber intelligence

Home » Tag: cyber intelligence

Fujifilm becomes the latest victim of a network-crippling ransomware attack

Japanese multinational conglomerate Fujifilm has been forced to shut down parts of its global network after falling victim to a suspected ransomware attack.

Fujifilm becomes the latest victim of a network-crippling ransomware attack

Fujifilm becomes the latest victim of a network-crippling ransomware attack

The company, which is best known for its digital imaging products but also produces high-tech medical kit, including devices for rapid processing of COVID-19 tests, confirmed that its Tokyo headquarters was hit by a cyberattack on Tuesday evening.

“Fujifilm Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence,” the company said in a statement posted to its website.

“We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities.

“We are currently working to determine the extent and the scale of the issue. We sincerely apologize to our customers and business partners for the inconvenience this has caused.”

As a result of the partial network shutdown, Fujifilm USA added a notice to its website stating that it is currently experiencing problems affecting all forms of communications, including emails and incoming calls. In an earlier statement, Fujifilm confirmed that the cyberattack is also preventing the company from accepting and processing orders.

Fujifilm has yet to respond to our request for comment.

While Fujifilm is keeping tight-lipped on further details, such as the identity of the ransomware used in the attack, Bleeping Computer reports that the company’s servers have been infected by Qbot. Advanced Intel CEO Vitali Kremez told the publication that the company’s systems were hit by the 13-year-old Trojan, typically initiated by phishing, last month.

The creators of Qbot, also known as QakBot or QuakBot, have a long history of partnering with ransomware operators. It previously worked with the ProLock and Egregor ransomware gangs, but is currently said to be linked with the notorious REvil group.

“Initial forensic analysis suggests that the ransomware attack on Fujifilm started with a Qbot trojan infection last month, which gave hackers a foothold in the company’s systems with which to deliver the secondary ransomware payload,” Ray Walsh, digital privacy expert at ProPrivacy, told TechCrunch. “Most recently, the Qbot trojan has been actively exploited by the REvil hacking collective, and it seems highly plausible that the Russian-based hackers are behind this cyberattack.”

REvil, also known as Sodinokibi, not only encrypts a victim’s files but also exfiltrates data from their network. The hackers typically threaten to publish the victim’s files if their ransom isn’t paid. But a site on the dark web used by REvil to publicize stolen data appeared offline at the time of writing.

Ransomware attacks have been on the rise since the start of the COVID-19 pandemic, so much so that they have become the biggest single money earner for cybercriminals. Threat hunting and cyber intelligence firm Group-IB estimates that the number of ransomware attacks grew by more than 150% in 2020, and that the average ransom demand increased more than twofold to $170,000.

At the time of writing, it’s unclear whether Fujifilm has paid any ransom to the hackers responsible for the attack on its systems.

Computer giant Acer hit by $50 million Ransomware Attack

REvil Ransomware Targets Acer’s Microsoft Exchange Server: Source

The notorious REvil ransomware gang recently targeted a Microsoft Exchange server on Taiwanese PC giant Acer’s domain, according to Advanced Intelligence CEO Vitali Kremez.

Computer giant Acer hit by $50 million Ransomware Attack

Computer giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000.

Acer is a Taiwanese electronics and computer maker well-known for laptops, desktops, and monitors. Acer employs approximately 7,000 employees and earned $7.8 billion in 2019.

Yesterday, the ransomware gang announced on their data leak site that they had breached Acer and shared some images of allegedly stolen files as proof.

These leaked images are for documents that include financial spreadsheets, bank balances, and bank communications.

Acer did not provide a clear answer regarding whether they suffered a REvil ransomware attack, saying instead that they “reported recent abnormal situations” to relevant LEAs and DPAs.

You can read their complete response below:

“Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.”

“We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities.” – Acer.

In requests for further details, Acer said “there is an ongoing investigation and for the sake of security, we are unable to comment on details.”

Highest known ransom demand

After publishing our story, Valery Marchive of LegMagIT discovered the REvil ransomware sample used in the Acer attack that demanded a whopping $50 million ransom.

Soon after, BleepingComputer found the sample and can confirm that based on the ransom note and the victim’s conversation with the attackers, the sample is from the cyberattack on Acer.

In conversations between the victim and REvil, which started on March 14th, the Acer representative showed shock at the massive $50 million demand.

Later in the chat, the REvil representative shared a link to the Acer data leak page, which was secret at the time.

The attackers also offered a 20% discount if payment was made by this past Wednesday. In return the ransomware gang would provide a decryptor, a vulnerability report, and the deletion of stolen files.

At one point, the REvil operation offered a cryptic warning to Acer “to not repeat the fate of the SolarWind.”

REvil’s 50 million demand is the largest known ransom to date, with the previous being the $30 million ransom from the Dairy Farm cyberattack, also by REvil.

Possible Microsoft Exchange exploitation

Vitali Kremez told BleepingComputer that Advanced Intel’s Andariel cyber intelligence platform detected that the Revil gang recently targeted a Microsoft Exchange server on Acer’s domain.

“Advanced Intel’s Andariel cyber intelligence system detected that one particular REvil affiliate pursued Microsoft Exchange weaponization,”

The threat actors behind the DearCry ransomware have already used the Proxy Logon vulnerability to deploy their ransomware but they are a smaller operation with fewer victims.

If REvil did exploit the recent Microsoft Exchange vulnerabilities to steal data or encrypt devices, it would be the first time one of the big game-hunting ransomware operations used this attack vector.

 

Read More »