Japanese Medical Equipment Manufacturer Olympus Hit by Ransomware

A new successful ransomware attack took place on September 8 and hit Japanese medical and precision optical equipment manufacturer Olympus.

The company reported that it is still investigating the fallout of the attack, which affected its networks located in the EMEA region. The threat actor involved in the attack appears to be the BlackMatter group - a relatively new name that emerged shortly after the REvil and DarkSide groups seemed to fade into oblivion.

The official statement from Olympus states the usual - the company became aware of "suspicious activity" on its network and engaged a security team. The investigation seems to be ongoing, but Olympus did state that affected systems have been cut off from the remainder of the network.

TechCrunch reported that a source with information concerning the attack says the job was pulled off by BlackMatter, as evidenced by the ransom note dropped by the ransomware and the dark web address provided for contacting the cyber criminals, which has been associated with the BlackMatter outfit in the past.

Like REvil and the DarkSide group, BlackMatter is operated on a ransomware-as-a-service basis, which means the malware is handed out to third parties who later split the profits made from any ransom payments with the group running the operation.

ThreatPost quoted the CTO of cyber security firm Scythe, who went so far as to say that there are significant similarities between the mode of operation of DarkSide and the new BlackMatter entity.

Meanwhile, the other big ransomware threat actor, REvil, seems to be back in business, so to speak. The group brought its servers back up, and an alleged member of the core REvil group used a dark web forum as a venue to answer questions about the long vacation REvil took after its attack on IT giant Kaseya.

While there is relatively little detail available on the specifics of the ransomware job on Olympus, the fact that the big threat actors in the field keep scoring new big targets means there is no rest for the wicked and security teams can never rest easy.

September 14, 2021