Olympus faces attacks from BlackMatter ransomware

BlackMatter takes data from a company's network before encrypting it, then threatens to publish the files online if the ransom is not paid


Olympus said in a statement released Sunday that the company is “currently investigating a suspected cybersecurity incident” affecting its computer network in Europe, the Middle East, and Africa.

They promptly deployed a specialized response team, including forensics experts, after detecting suspicious activity, and they are now trying to rectify this issue with the highest priority. According to the statement, they have halted data transfers in the affected systems and notified the necessary external partners as part of the inquiry. 

However, according to a source familiar with the situation, Olympus is recovering from a ransomware attack that began in the early morning hours of September 8. The source disclosed details of the incident before Olympus acknowledged it on Sunday.

The BlackMatter ransomware organization claimed responsibility for a ransom message placed on compromised machines. The note reads, “Your network is encrypted and not currently operational.” “If you pay, we will send you with the decryption programmes.” The ransom note also gave a web link for a site accessible only through the Tor Browser, which BlackMatter is known to use to contact its victims. The domain mentioned in the ransom note is linked to the BlackMatter organization, according to Brett Callow, a ransomware expert and threat analyst at Emsisoft.

BlackMatter is a ransomware-as-a-service group that was founded as a successor to several ransomware groups, including DarkSide, which recently exited the criminal world following the high-profile ransomware attack on Colonial Pipeline, and REvil, which went silent for months after the Kaseya ransomware attack infected hundreds of companies. Both attacks drew the attention of the United States government, which pledged to respond if key infrastructure was targeted again. 

Affiliates rent access to BlackMatter’s infrastructure, which they use to launch attacks, with BlackMatter taking a share of any ransoms paid. DarkSide and BlackMatter share technical and coding commonalities, according to Emsisoft. Emsisoft has detected more than 40 ransomware attacks attributed to BlackMatter since the group started in June, although the total number of victims is likely to be much greater.

Ransomware gangs such as BlackMatter take data from a company’s network before encrypting it, then threaten to publish the files online if the ransom is not paid. At the time of publication, another site affiliated with BlackMatter, which the group uses to publicize its victims and boast about stolen data, did not have an entry for Olympus.

Olympus is a Japanese company that makes optical and digital reprography equipment for the medical and life sciences industries. Until January, the firm manufactured digital cameras and other gadgets before selling its faltering camera segment. Olympus stated that it is actively determining the scope of the problem and will give updates when new information becomes available.