Olympus hit by Ransomware

Olympus, the technology giant, announced about the cybersecurity incident that is affecting its computer network in Europe, Middle East, and Africa. The company is currently undergoing an investigation for the same.

According to the statement, the company immediately took on board a response team, including forensics experts, as soon as the suspicious activity came into their notice.  It further highlighted that they are working with the highest priority to solve the issue. Also, data transfers in the affected systems have been suspended, and relevant external partners have been informed.

It has been heard through a person that Olympus is recovering from a ransomware attack. The note left on the infected computers is from the BlackMatter ransomware group. It states their network to be encrypted and not operational. It further demands payment for decryption programs. The note also had an address to a website accessible via the Tor Browser, which is renowned for being used by BlackMatter to converse with its victims.

Brett Callow, the Emsisoft ransomware expert and threat analyst, identified the note to be linked to the BlackMatter group.

Also Read: Accenture gets hit by Lockbit Ransomware

BlackMatter is a ransomware-as-a-service group that was likely the successor to several ransomware groups, including DarkSide and REvil, which have vanished for some time now. Both these attacks grabbed the attention of the U.S. government, which assured to take critical action if important infrastructure was hit once more.

BlackMatter rents infrastructure to affiliates for launching attacks and takes commission of the ransoms paid. Emsisoft also found connections and code overlaps between Darkside and BlackMatter.

Since June, when the group emerged, 40 ransomware attacks have been linked to BlackMatter as per Emsisoft, but the number of victims is expected to be higher.

Ransomware groups like BlackMatter are known to threaten companies to publish their data stolen from their network, if the ransom to decrypt the data is not paid.  

Olympus is headquartered in Japan and is popular for manufacturing optical and digital reprography technology for industries such as medical and life sciences. Until recently, it also made digital cameras and other electronics, but then in January, it sold its camera division.

Olympus claimed its efforts to determine the extent of the attack, and as it becomes aware of new information, it will provide updates accordingly. Christian Pott, an Olympus spokesperson, informed that customer service was not impacted.