Olympus investigating reported ransomware attack with BlackMatter hallmarks
A Japanese technology manufacturer confirmed it is investigating a reported ransomware attack affecting business units in Europe, the Middle East and Africa dating back to Sept. 8.
In a statement Saturday, Tokyo-based Olympus said it’s looking into “a potential cybersecurity incident” that resulted in the suspicion of data transfers between relevant systems.
The apparent breach is in fact a ransomware incident that began on Sept. 8 and was carried out by a hacker who claims to be affiliated with the BlackMatter extortion group, TechCrunch first reported. The attacker included a note on infected computers promising to decrypt the relevant systems in exchange for payment, according to TechCrunch.
“Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue,” the company said.
The ransom message directed recipients to visit a page reportedly known to be affiliated with the BlackMatter group.
Threat intelligence firms reported that BlackMatter is a revamped version of DarkSide, the Russia-based ransomware group that carried out the theft at Colonial Pipeline in May, an incident that sparked attention from the White House and led to a series of discussions between President Joe Biden and his Russian counterpart, Vladimir Putin. BlackMatter is also linked to REvil, another criminal hacking group.
Olympus is an international firm that specializes in the sale of camera equipment, voice recording devices and a range of scientific and medical technology, such as ultrasound and microscope tools.