Olympus, a well-known medical technology company, is investigating a “probable cybersecurity incident” that affected some of its EMEA (Europe, Middle East, Africa) IT systems this week. Olympus has more than 31,000 employees worldwide and over 100 years of history developing products for the medical, life sciences, and industrial equipment industries.
The organization’s camera, audio recorder, and binocular product lines have been transferred to OM Digital Solutions, which has been selling and distributing these products since January 2021.
Customer Security Not Impacted by the Attack
“Olympus is currently researching a probable cybersecurity incident impacting limited areas of its EMEA (Europe, Middle East, Africa) IT systems on 8th September, 2021,” the company said in a statement published Saturday, three days after the attack.
“During the assessment of suspicious activity, we urgently mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to solve the issue. As part of this research, we have suspended data transfers in the affected systems and have informed the relevant external partners.”
Olympus also said that it is working to determine the extent of the damage resulting from this attack and will share additional information as soon as it is available. Christian Pott, the company spokesperson responsible for Olympus corporate matters, also told our experts that customer security and service were not affected by the incident.
“The support, service and security of our customers has the highest priority and is not affected by this case,” an Olympus spokesperson told our experts when contacted via email. “Please understand that we cannot give any further information or statement due to the ongoing process of internal and external investigation.”
Signs of a BlackMatter Ransomware Attack
While Olympus did not share any information on the threat actor’s identity, ransom notes left on systems affected during the breach point to a BlackMatter ransomware attack, as initially reported by TechCrunch. The same ransom notes also point to a Tor website the BlackMatter gang has used in the past to communicate with victims.
BlackMatter is a relatively new ransomware operation that surfaced at the end of July 2021 and was initially believed to be a rebrand of DarkSide ransomware. From samples collected by researchers after some of their subsequent attacks, it was later confirmed that BlackMatter ransomware’s encryption routines were the same custom and unique ones that DarkSide used.
Under pressure from both international law enforcement and the US government, the DarkSide operation shut down after attacking and shutting down Colonial Pipeline.