BlackMatter ransomware hits medical technology giant Olympus

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,242
41,364
Olympus, a leading medical technology company, is investigating a "potential cybersecurity incident" that impacted some of its EMEA (Europe, Middle East, Africa) IT systems last week.

Olympus has more than 31,000 employees worldwide and over 100 years of history developing for the medical, life sciences, and industrial equipment industries.

The company's camera, audio recorder, and binocular divisions have been transferred to OM Digital Solutions, which has been selling and distributing these products starting with January 2021.

Customer security not affected by the attack

"Olympus is currently investigating a potential cybersecurity incident affecting limited areas of its EMEA (Europe, Middle East, Africa) IT systems on September 8, 2021," the company said in a statement published Saturday, three days after the attack.

"Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue.

"As part of the investigation, we have suspended data transfers in the affected systems and have informed the relevant external partners."

Olympus also said that it's working on discovering the extent of the damage resulting from this attack and will share additional info as soon as it is available.

Christian Pott, company spokesperson responsible for Olympus corporate matters, also told BleepingComputer that customer security and service were not affected by the incident.

"The support, service and security of our customer has the highest priority and is not effected by this case," an Olympus spokesperson told BleepingComputer when contacted via email.

"Please understand, that we cannot give any further information or statement due to the ongoing process of internal and external investigation."

Signs of a BlackMatter ransomware attack

While Olympus did not share any details on the attackers' identity, ransom notes left on systems impacted during the breach point to a BlackMatter ransomware attack, as first reported by TechCrunch.

The same ransom notes also point to a Tor website the BlackMatter gang has used in the past to communicate with victims.

BlackMatter is a relatively new ransomware operation that surfaced at the end of July 2021 and was initially believed to be a rebrand of DarkSide ransomware.

From samples collected by researchers after some of their subsequent attacks, it was later confirmed that BlackMatter ransomware's encryption routines were the same custom and unique ones that DarkSide used.

The DarkSide operation shut down after attacking and shutting down Colonial Pipeline due to pressure from both international law enforcement and the US government.
 
Top