About

Olympus exposed to Ransomware attack

Tech company, Olympus has released a security statement that addresses the rumors around a ransomware attack on its IT infrastructure in the EMEA (Europe, Middle East, Africa) region. The company statement acknowledges that suspicious activity was found on some systems of the company and it is working on investigation to find the extent of the issue.

Olympus has released an updated statement. The key takeaways from this statement are that the ransomware attack is limited to the EMEA region, and there has been no impact on data. The full statement reads below:

We can confirm that the incident on September 8, 2021 was an attempted malware attack affecting parts of our sales and manufacturing networks in EMEA (Europe, Middle East, and Africa). We immediately suspended data transfers in these areas and informed the relevant external parties. We would like to reassure all our customers and partners that our daily business operations are working as normal, ensuring the uninterrupted supply of our services for patients.

We have reported the incident to the relevant government authorities. We will continue to take all necessary measures to serve our customers and business partners in a secure way.

According to the results of the investigation so far, no evidence of loss, unauthorized use or disclosure of our data has been detected. There is also no evidence that the cybersecurity incident affected any systems outside of the EMEA region.

As per the statement released by Olympus –

Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue. As part of the investigation, we have suspended data transfers in the affected systems and have informed the relevant external partners.

We are currently working to determine the extent of the issue and will continue to provide updates as new information becomes available. We apologize for any inconvenience this has caused.

The cyber security incident happened on 8th September. It was first disclosed by an anonymous user on the Internet who claimed that Olympus has received a ransomware note. The note was uncovered by Emsisoft’s Brett Callow who indicated that this ransomware seems to have been a work of BlackMatter. BlackMatter is a RaaS or Ransomware as a service operator that seems to have links with Darkside. A detailed note about the ransomware group BlackMatter can be found on the Sophos page. The ransomware operator has been at play since June 2021. It has so far targeted over 40 corporate networks. It boasts of combining the tech of Darkside and REvil to target its targets.

It remains to be seen how this ransomware attack pans out and if Olympus is constrained to pay ransom amounts to the ransomware operators.