Japanese technology giant Olympus, known for manufacturing digital and optical copying technology, was hit by a ransomware attack by the BlackMatter group.
According to a statement by Olympus, there is an ongoing investigation over a ‘potential cybersecurity incident’ that affected their African, Middle Eastern, and European computer networks.
The statement further declared:
“Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue. As part of the investigation, we have suspended data transfers in the affected systems and have informed the relevant external partners”.
According to someone knowing about the attack, Olympus has been reviving from ransomware attacks that initiated early morning on September 8th. The person who knew about the attack shared the specifics of the scene way before Olympus itself acknowledged it on Sunday.
There was a ransomware note left on the computers infected that directed towards the BlackMatter group.
The note said, “Your network is encrypted, and not currently operational,” “If you pay, we will provide you the programs for decryption.” It further included a site address that could only be opened using The Onion Router (Tor browser), which BlackMatter uses to converse with its sufferer.
Emsisoft’s threat analyst and ransomware expert, Brett Callow, confirmed to TechCrunch that the note was linked to the BlackMatter group.
New: Olympus says it's investigating a cyberattack on its EMEA IT networks. A ransom note left behind on infected computers suggests it was hit by BlackMatter ransomware.https://t.co/3YRcIRxpys
— Zack Whittaker (@zackwhittaker) September 12, 2021
BlackMatter, a successor of various ransomware groups (e.g. DarkSide), is a ransomware-as-a-service group that recently returned from the cybercriminal underworld following a high-profile attack on the Colonial Pipeline, and REvil, that became quiet for many months after a significant number of companies were flooded with ransomware in the Kaseya attack.
However, these massive attacks came to peaked the attention of the US government that promised to take action if the critical infrastructure was compromised again. Joe Biden even hosted a cybersecurity meeting to curb this current spike.
BlackMatter and other groups rent the access to infrastructure that affiliates use for attacks, within which BlackMatter deducts their cut of the extorted ransom. Emsisoft has also discovered technical links and overlapped codes between DarkSide and BlackMatter.
With this ransomware group emerging in June, Emsisoft recorded over 40 ransomware attacks linked to BlackMatter. However, the complete number of sufferers is likely to be much higher.
BlackMatter and other ransomware groups usually steal a company’s data before encrypting their network and then threaten the company to publish its files online in case the ransom remains unpaid.
BlackMatter has another site connected with it that it uses to disclose its victims and the stolen data. But, at the time of the announcement, the site did not have an entry for Olympus.
According to Olympus, it was “currently working to determine the extent of the issue and will continue to provide updates as new information becomes available”.
An Olympus spokesperson, Christian Pott did not reply to any email or texts requesting comment.