Olympus said in a brief statement on Sunday that it was “currently investigating a possible cyber security incident” affecting its European, Middle East and Africa computer networks.
“Upon learning of suspicious activity, we immediately assembled a specialized response team, including forensic experts, and we are currently working with the highest priority to resolve this issue. As part of the investigation, we have postponed data transfer to the affected systems.”
But according to a person familiar with the incident, Olympus is recovering from a ransomware attack that began early in the morning of September 8th.
A ransom note left on the infected computers claims to be from the BlackMatter ransomware group. “Your network is encrypted, and is not currently operational,” it reads. “If you pay, we will provide you with programs for decryption.” The ransom note includes a web address for a site, accessible only through the Tor Browser, that BlackMatter uses to communicate with its victims.
Brett Callow, a ransomware expert and threat analyst at Emsisoft, told TechCrunch that the site in the ransom note belongs to the BlackMatter group.
BlackMatter is a ransomware-as-a-service group founded as a successor to several ransomware groups, including DarkSide, which recently withdrew from the criminal world following its high-profile ransomware attack on Colonial Pipeline, and REvil, which went silent for months after the Kaseya attack flooded hundreds of companies with ransomware. Both attacks drew the attention of the U.S. government, which promised to take action if critical infrastructure was affected again.
Groups like BlackMatter lease their infrastructure to affiliates, who use it to carry out attacks, while BlackMatter takes a cut of whatever ransoms are paid. Emsisoft has also found technical links and code overlaps between DarkSide and BlackMatter.
Since the group emerged in June, Emsisoft has reported more than 40 ransomware attacks attributed to BlackMatter, but the total number of victims is likely to be significantly higher.
Ransomware groups such as BlackMatter typically steal data before encrypting a company’s network, and then threaten to publish the files online if no ransom is paid to decrypt them. Another site associated with BlackMatter, which the group uses to publicize its victims and their stolen data, did not have an entry for Olympus at the time of publication.
Japan-headquartered Olympus manufactures optical and digital reprography technology for the medical and life sciences industries. Until recently, the company built digital cameras and other electronics; it sold its struggling camera division in January.
Olympus said it is “currently working to determine the extent of the issue and will continue to provide updates as new information becomes available.”
Olympus spokesman Christian Pott did not respond to emails and text messages requesting comment.