Olympus said in a brief statement on Sunday that it is “currently investigating a possible cybersecurity incident” affecting its computer network in Europe, the Middle East and Africa.
“Upon detecting suspicious activity, we immediately mobilized a specialized response team that includes forensic experts, and we are currently working with the highest priority to resolve this issue. As part of the investigation, we have suspended data transfers in the affected systems and have informed the relevant external partners,” the statement said.
According to a person with knowledge of the incident, Olympus is recovering from a ransomware attack that began in the early morning of September 8.
A ransom note left on infected computers claimed to be from the BlackMatter ransomware group. “Their network is encrypted and is not currently operational,” it read. “If you pay, we will provide you with the decryption programs.” The ransom note also included a web address to a site accessible only through the Tor browser that BlackMatter is known to use to communicate with its victims.
Brett Callow, a ransomware expert and threat analyst at Emsisoft, told TechCrunch that the site on the ransom note is associated with the BlackMatter group.
BlackMatter is a ransomware-as-a-service group that was founded as a successor to several ransomware groups, including DarkSide, which recently withdrew from the criminal underground after the high-profile ransomware attack on Colonial Pipeline, and REvil, which went silent for months after the Kaseya attack flooded hundreds of companies with ransomware. Both attacks came to the attention of the US government, which promised to take action if critical infrastructure was hit again.
Groups like BlackMatter rent access to their infrastructure, which affiliates use to launch attacks, while BlackMatter takes a share of the ransoms that are paid. Emsisoft has also found technical links and code overlaps between DarkSide and BlackMatter.
Since the group emerged in June, Emsisoft has recorded more than 40 ransomware attacks attributed to BlackMatter, but the total number of victims is likely to be significantly higher.
Ransomware groups like BlackMatter typically steal data from a company’s network before encrypting it, then threaten to post the files online if the ransom to decrypt them is not paid. Another site associated with BlackMatter, which the group uses to publicize its victims and tout stolen data, did not have an entry for Olympus at the time of publication.
It is not known whether Olympus paid the ransom or how much the ransomware group demanded.
Olympus, based in Japan, manufactures optical and digital reprography technology for the life sciences and medical industries. The company also made digital cameras and other electronics until it sold its struggling camera division in January.
Olympus said it was “currently working to determine the scope of the problem and will continue to provide updates as new information becomes available.”
Olympus spokesman Christian Pott did not respond to emails and text messages requesting comment.