Malware that is 'not ransomware' wormed its way through Fujitsu Japan's systems

Fujitsu Japan says an unspecified "advanced" malware strain was to blame for a March data theft, insisting the strain was "not ransomware", yet it hasn't revealed how many individuals are affected.

The company has now concluded its investigation into the attack after previously announcing a "possible" data leak in March. Despite initially downplaying the likelihood of data theft, Fujitsu confirmed on Tuesday that affected individuals had been directly notified.

"We would like to offer our deepest apologies to all those involved for the great concern and inconvenience caused," the company said.

Fujitsu's description of the unnamed malware made it sound as though it was wormable. After infecting the first machine, it later spread to 48 other business computers, all localized to its internal Japan network.

"This malware was not ransomware, but rather a type of attack that used advanced techniques, such as disguising itself in various ways to make it difficult to detect," Fujitsu said.

There is also no evidence to suggest that the malware spread outside of the corporate network and to Fujitsu's customers' environments, for example.

All of the infected machines were isolated from the network after the malicious activity was detected and connections to external servers blocked, it said. Fujitsu added that the patterns of this malicious activity were also used to improve monitoring and detection measures.

Fujitsu brought in outside experts to help with its investigation, which involved analyzing communication and operation logs, it said, which is where it found evidence of the malware executing copying commands on various files.

"Because there is a possibility that these files may have been taken out illegally, we are assuming that they were taken out and responding to customers accordingly," it said.

"The files that were able to be copied contained personal information of some individuals and information related to the business of their customers, and we have reported this to the affected customers individually and are taking the necessary measures."

• Ransomware crews investing in custom data stealing malware
• ViperSoftX variant spotted abusing .NET runtime to disguise data theft
• Houthi rebels are operating their own GuardZoo spyware
• Eldorado ransomware-as-a-service gang targets Linux, Windows systems

Fujitsu didn't comment on the scale of the data theft, but given that notifications have been sent directly to affected individuals, per Japan's data protection laws, the attack must have met at least one of the following conditions set by the country's Personal information Protection Commission (PPC):

• The attack involved sensitive data

• The stolen data is likely to be misused for unlawful financial gain

• The personal data was stolen for a wrongful purpose

• The incident affected more than 1,000 data subjects

The PPC was notified. Fujitsu said it isn't aware of any stolen data being misused by malicious parties.

"In light of this incident, our company will strive to further strengthen its information security," it said. ®