BlackMatter attacks Olympus computer network with…
Technology giant Olympus announced in a statement this weekend that it is “currently investigating a potential cybersecurity incident” affecting its computer network in Europe, the Middle East and Africa.
The statement said: “Following detection of suspicious activity, we immediately mobilized a specialized response team, including forensic experts, and we are currently working with the highest priority to resolve this issue. As part of the investigation, we have shut down the data transfer in the affected areas. Systems have been suspended and we have informed the relevant external partners.”
But according to a person with knowledge of the cybersecurity incident, Olympus is recovering from a ransomware attack that started in the early morning of September 8. The person shared details of the incident before Olympus acknowledged the incident on Sunday.
A ransom note left on infected computers claimed to be from the BlackMatter ransomware group. “Your network is encrypted and is currently not operational,” it reads. “If you pay, we will provide you the programs for decryption.” The ransom note also contained the web address of a site, accessible only through the Tor browser, that is known to be used by BlackMatter to communicate with its victims.
Brett Callow, a ransomware expert and threat analyst at Emsisoft, told TechCrunch that the site in the ransom note is associated with the BlackMatter group.
BlackMatter is a ransomware-as-a-service group founded in July 2021 as the successor to several ransomware groups, including DarkSide, which recently withdrew from the criminal world after the high-profile ransomware attack on Colonial Pipeline, and REvil, which went silent for months after the Kaseya attack inundated hundreds of businesses with ransomware. Both attacks caught the attention of the US government, which promised to take action if critical infrastructure were to be hit again.
Ransomware groups such as BlackMatter typically steal data from a company’s network before encrypting it and later threaten to publish the files online if the ransom to decrypt the files is not paid.
Japan-based Olympus produces optical and digital reprography technology for the medical and life sciences industries. Until recently, the company also built digital cameras and other electronics; it sold its struggling camera division in January.
Olympus said it is “currently in the process of determining the extent of the issue and will continue to provide updates as new information becomes available.”