BlackMatter Ransomware Gang Attacks Tech Giant Olympus, Extorts Ransom on Dark Web

Olympus, a large multinational corporation, said in a brief statement Sept. 11 that it is "currently investigating a potential cybersecurity incident affecting its computer networks in Europe, the Middle East and Africa."

"Immediately after detecting suspicious activity, we organized a dedicated response team including forensic experts, and we are currently addressing the issue with the highest priority. As part of the investigation, we have suspended data transfers in the affected systems and have notified relevant external partners." The statement said.

The ransom note left on the infected computer claimed to be from the BlackMatter ransomware group:"Your network is encrypted, and not currently operational. If you pay, we will provide you the programs for decryption." The ransom note also includes a dark web URL, accessible only through the Tor browser, that BlackMatter is known to use to communicate with victims.

Brett Callow, a ransomware expert and threat analyst at Emsisoft, said the website in the ransom letter is linked to the BlackMatter organization.

BlackMatter is a ransomware gang that is considered the successor to the now-retired DarkSide, LockBit 2.0 and REvil ransomware gangs. But SophosLabs' analysis shows that while there are similarities between DarkMatter and DarkSide ransomware, the code is not the same.

Emsisoft has logged more than 40 ransomware attacks attributed to BlackMatter since the group emerged in June, but the total number of victims is likely much higher.

Ransomware gangs such as BlackMatter typically steal data from a company's network before encrypting it and then threatening to release the files online if the ransom used to decrypt them is not paid. There is another BlackMatter-related dark web site used to advertise its victims and peddle stolen data, but it does not currently have an entry for Olympus data.

Olympus is a multinational company with more than 31,600 employees worldwide that produces optical and digital copying technology for the medical and life sciences industries. It was known in the past as a pioneer in analog and digital cameras, but sold its troubled camera division in January.

Olympus Corp. updated its statement on Sept. 14 to say.

We can confirm that the incident on September 8, 2021 was an attempted malware attack affecting parts of our sales and manufacturing networks in EMEA (Europe, Middle East, and Africa). We immediately suspended data transfers in these areas and informed the relevant external parties. We would like to reassure all our customers and partners that our daily business operations are working as normal, ensuring the uninterrupted supply of our services for patients.

We have reported the incident to the relevant government authorities. We will continue to take all necessary measures to serve our customers and business partners in a secure way.

According to the results of the investigation so far, no evidence of loss, unauthorized use or disclosure of our data has been detected. There is also no evidence that the cybersecurity incident affected any systems outside of the EMEA region.

Protecting our customers and partners and maintaining their trust in us is a top priority. We take the safety and security of data very seriously and we will continue to take measures to enhance our IT security.

We apologize for any inconvenience caused by this incident.