Olympus said in a short statement on Sunday that it is “currently investigating potential cybersecurity incidents” affecting computer networks in Europe, the Middle East and Africa.
“As soon as suspicious activity was detected, we mobilized a dedicated response team, including forensic experts. We are currently working to resolve this issue with the highest priority. As part of our investigation, we suspended data transfer at the affected system and notified relevant external partners,” the statement said.
However, according to a source with knowledge of the incident, Olympus is recovering from a ransomware attack that began early in the morning of September 8. The source shared details of the incident before Olympus acknowledged it on Sunday.
The ransom note left on the infected computer claimed to be from the BlackMatter ransomware group. “The network is encrypted and is not currently working,” it says. “If you pay, we will provide you with a program for decryption.” The note also included web addresses for sites that are accessible only through the Tor Browser, which BlackMatter is known to use to communicate with victims.
Brett Callow, a ransomware expert and threat analyst at Emsisoft, told TechCrunch that the site in the ransom note is associated with the BlackMatter group.
BlackMatter recently emerged in the criminal world in the wake of the high-profile ransomware attack on Colonial Pipeline and the Kaseya attack, which flooded hundreds of companies with ransomware. Both attacks caught the attention of the US government, which promised to take action if critical infrastructure is attacked again.
Groups like BlackMatter rent access to their infrastructure, which affiliates use to launch attacks, while BlackMatter takes a cut of any ransom paid. Emsisoft found technical links and overlapping code between Darkside and BlackMatter.
Since the group emerged in June, Emsisoft has recorded more than 40 ransomware attacks from BlackMatter, but the total number of victims could increase significantly.
Ransomware groups like BlackMatter usually steal data from the corporate network before encrypting it, and later threaten to publish the files online if the ransom to decrypt them is not paid. Another site related to BlackMatter, which the group uses to publicize victims and promote stolen data, did not have an Olympus entry at the time of publication.
Headquartered in Japan, Olympus manufactures optical and digital copying technologies for the medical and life sciences industries. Until recently, the company manufactured digital cameras and other electronic devices, before selling its struggling camera division in January.
“We are currently working to identify the scope of the problem and will continue to provide updates as new information becomes available,” Olympus said.
Olympus spokesman Christian Pott did not respond to emails or text messages asking for comment.
Technology giant Olympus hit by BlackMatter ransomware – TechCrunch