Ransomware Attacks Reoccur, This Time Olympus Becomes A Victim

JAKARTA – Data theft by internet criminals is becoming increasingly widespread. On Sunday, September 12, technology company Olympus reported that it is "currently investigating a potential cybersecurity incident" affecting computer networks in Europe, the Middle East, and Africa.

“After detecting suspicious activity, we immediately mobilized a dedicated response team including forensic experts, and we are currently working with the highest priority to resolve this issue. As part of the investigation, we have suspended the transfer of data in the affected systems and have notified the relevant external partners”, the statement said.

But according to someone familiar with the incident, Olympus is recovering from a ransomware attack that began on the morning of September 8. This source shared details of the incident before Olympus acknowledged the incident on Sunday.

The ransom note left on the infected computer is claimed to be from the BlackMatter ransomware group. “Your network is encrypted, and is not currently operational”, the message reads. “If you pay, we will provide you with a program for decryption”.

The ransom note also includes a web address for a site, accessible only through the Tor Browser, that BlackMatter is known to use to communicate with its victims.

Brett Callow, a ransomware expert and threat analyst at Emsisoft, told TechCrunch that the site in the ransom note is linked to the BlackMatter group.

BlackMatter is a ransomware-as-a-service group that was founded as a successor to several ransomware groups, including DarkSide, which recently emerged from the criminal underbelly after the high-profile ransomware attack on Colonial Pipeline, and REvil, which remained silent for months after the Kaseya attack flooded hundreds of companies with ransomware. Both attacks caught the attention of the US government, which has vowed to take action if critical infrastructure is attacked again.

Groups like BlackMatter lease access to their infrastructure, which affiliates use to launch attacks, while BlackMatter takes a cut of any ransom paid. Emsisoft also found overlapping technical links and code between DarkSide and BlackMatter.

Since the group emerged in June, Emsisoft has recorded more than 40 ransomware attacks attributed to BlackMatter, but the total number of victims is likely to be much higher.

Ransomware groups like BlackMatter usually steal data from corporate networks before encrypting it. Then they threaten to publish the files online if the ransom to decrypt the files is not paid.

Another site linked to BlackMatter, which the group uses to publicize its victims and promote the stolen data, had no entry for Olympus at the time of publication.

Japan-headquartered Olympus manufactures optical and digital reprography technology for the medical and life sciences industries. Until recently, the company also made digital cameras and other electronics; it sold its troubled camera division in January.

Olympus said it is "currently working to determine the extent of this issue and will continue to provide updates as new information becomes available". Christian Pott, a spokesman for Olympus, did not respond to emails and text messages requesting comment.