Olympus Investigates Alleged Ransomware Attack

Olympus Ransomware

Olympus is investigating a potential “cybersecurity incident” that occurred on September 8, 2021, currently believed to affect only the company’s EMEA (Europe, Middle East, Africa) IT systems.

Olympus is a global company in the medical, life sciences, and industrial equipment industries with more than 31,000 employees.

Olympus Mobilization of a Specialized Response Team

Olympus is treating this incident with the highest priority, it said, having mobilized a specialized response team as soon as the suspicious activity was detected. To minimize further damage, Olympus suspended data transfers in the involved systems as part of the investigation.

Olympus is in communication with all affected external partners, it said. The company also confirmed that their team is working diligently on uncovering the full impact of the attack.

“We are currently working to determine the extent of the issue and will continue to provide updates as new information becomes available. We apologize for any inconvenience this has caused,” the statement said.

Could This be Another BlackMatter Ransomware Attack?

According to a TechCrunch source, a ransom note was left on the infected computers, claiming that the BlackMatter ransomware group is behind the attack.

“Your network is encrypted, and not currently operational…If you pay, we will provide you the programs for decryption,” the note is said to state.

Per the source, the ransom note also provided a dark web address (one only accessible through a special browser, like the Tor Browser) that is known to be used by the BlackMatter ransomware group. An example of a BlackMatter ransom note was included in a recent US Department of Health and Human Services report.

Although it has not been stated by either Olympus or the hacker, ransomware gangs such as BlackMatter usually first steal data from an organization’s network and then encrypt it. The group follows that up by leaving a ransom demand that typically includes threatening to publish the files online if the ransom is not paid.

Earlier FBI alerts explained the tactics often used by ransomware gangs, following attacks on the US agriculture and healthcare sectors.

Who is BlackMatter?

BlackMatter is a ransomware-as-a-service group that began making its presence known in July 2021. The group claims that they do not attack industries such as hospitals and that if these entities are attacked, the organization can simply ask for free decryption. The US Department of Health and Human Services’ recent report supports the claim that the group does not target hospitals.

For more information on ransomware and how to protect yourself, read our article What is Ransomware? Find out all About Ransomware.

Security research coordinator
Kat is an IT security business consultant with experience in project management, process development, and leadership. She coordinates our team's research efforts in the field of cybersecurity, privacy, and censorship.