Olympus said in a brief statement on Sunday that it is “currently investigating a potential cybersecurity incident” affecting its computer networks in Europe, the Middle East and Africa.
“Upon detection of suspicious activity, we immediately mobilized a special response team, including forensic experts, and we are currently working with the highest priority to resolve the issue. As part of the investigation, we have suspended data transfer to the affected systems and notified the relevant external partners,” the statement said.
According to a person with knowledge of the incident, Olympus is recovering from a ransomware attack that began on the morning of 8 September.
A ransom note left on infected computers claimed to be from the BlackMatter ransomware group. “Your network is encrypted, and is not currently operational,” it reads. “If you pay, we will provide you with the program for decryption.” The ransom note also included a web address for a site, accessible only through the Tor browser, that BlackMatter uses to communicate with its victims.
Ransomware expert and Emsisoft threat analyst Brett Callow told Nerdshala that the site in the ransom note is linked to the BlackMatter group.
BlackMatter is a ransomware-as-a-service group that was founded as the successor to several ransomware groups, including DarkSide, which recently withdrew from the criminal world after the high-profile ransomware attack on Colonial Pipeline, and REvil, which went silent for months after the Kaseya attack flooded hundreds of companies with ransomware. Both attacks caught the attention of the US government, which promised to act if critical infrastructure was affected again.
Groups such as BlackMatter rent access to their infrastructure, which affiliates use to launch attacks, while BlackMatter takes a cut of whatever ransom is paid. Emsisoft has also found technical links and code overlap between DarkSide and BlackMatter.
Since the group’s emergence in June, Emsisoft has recorded more than 40 ransomware attacks attributed to BlackMatter, but the total number of victims is likely to be much higher.
Ransomware groups such as BlackMatter usually steal data from a company’s network before encrypting it, and later threaten to publish the files online if a ransom is not paid to decrypt the files. Another site linked to BlackMatter, which the group uses to publicize its victims and tout stolen data, had no entries for Olympus at the time of publication.
Japan-headquartered Olympus manufactures optical and digital reprography technology for the medical and life sciences industries. The company manufactured digital cameras and other electronics until it sold its struggling camera division in January.
Olympus said it is “currently working to determine the extent of this issue and will continue to provide updates as new information becomes available.”
Olympus spokesman Christian Pot did not respond to emails and text messages requesting comment.