The Japanese company Olympus, which basically manufactures equipment for medical and research purposes, is said to have fallen his victim BlackMatter ransomware.
Olympus issued a brief statement on Sunday stating that it was investigating a possible cyber security incident affects its computer network in Europe, the Middle East and Africa.
"When suspicious activity was detected, we immediately mobilized a specialized response team, including specialist investigators, and are currently working to resolve this issue. As part of the investigation, we have suspended the transfer of data to the affected systems and informed the relevant external partners", Reports the announcement the company's.
TechCrunch reports that a person familiar with the incident said Olympus encountered one ransomware attack which began in the early hours of September 8th. In fact, this person seems to have given some details about the attack, before Olympus announced the incident.
According to this person, the attackers left a ransom note on the infected computers, which he claims comes from the group ransomware BlackMatter. "Your network is encrypted and is not currently working", He states. "If you pay, we will give you the decryption programs“. The ransom note also included a an address on a site accessible only through the Tor Browser, known to be used by the BlackMatter ransomware gang to communicate with victims.
Ο Brett Callow, ransomware attacks specialist and threat analyst at Emsisoft, told TechCrunch that the ransom note site on Olympus is indeed affiliated with the BlackMatter team.
BlackMatter is one Ransomware-as-a-service, created as the successor to several ransomware, including DarkSide and Revil, which had recently disappeared after major attacks that caught the attention of the American authorities.
Ransomware groups, such as BlackMatter, rent access to infrastructure resulting in it being used by other criminals to carry out attacks. In return, the BlackMatter team receives ransom rates. Emsisoft has also found common code and technical elements between Darkside and BlackMatter ransomware.
Since the group's release in June, Emsisoft has recorded more than 40 ransomware attacks attributed to the BlackMatter gang and its affiliates. However, the number of victims may be higher.
Ransomware groups, such as BlackMatter, steal data from a company's network before it is encrypted and later threaten to publish the files online if the victims do not pay the ransom.
The Japanese company Olympus is known for manufacturing technology and equipment for the medical and life sciences industries. Until recently, the company manufactured digital cameras and other electronics, until it left the industry, selling its respective division.
Olympus said it was working to determine the extent of the issue and would continue to provide updates as soon as new information became available.