Olympus issued an announcement over the weekend, informing the public of a cybersecurity incident that has affected its IT systems since September 8, 2021, and is ongoing. The firm says its IT team is investigating the incident to evaluate its scope and effects, while forensics experts are working with its response group to resolve the issue as quickly as possible. The firm has promised to give updates when new information or more details become available, but so far, no updates have been posted on the website.
According to Emsisoft researchers who have been following the case closely, the actor responsible for the disruption is ‘BlackMatter,’ which has kept the issue private for now to allow Olympus to resolve the case by paying the ransom without much fuss. We have checked the dark web portal of the group, and there’s no listing with any Olympus files there yet. Maybe the window for private negotiations hasn’t closed yet, or the actors didn’t manage to exfiltrate any data that would be useful for double-extortion. However, that second part is highly unlikely.
‘BlackMatter’ appeared on the scene in July this year as a new top-tier RaaS operator going for big-game hunting. So far, they have compromised the corporate networks of around 40 large companies and organizations, making a significant impact in the cybercrime space. Emsisoft has also mentioned several technical overlaps between that group and ‘Darkside,’ so a rebrand meant to shake off the heat from law enforcement authorities following the Colonial Pipeline attack is very likely.
As for Olympus, the Japanese optics and reprography products manufacturer, mostly known for its cameras, sold that division to ‘Japan Industrial Partners’ last year but remains a large and healthy company with profitable operations in the medical, industrial, and scientific fields. As such, it remains an excellent target for ransomware actors who are looking to make a good bust.
We have reached out to the company to ask for more details about what happened and whether or not they also suffered a data breach, and we will update this piece as soon as we hear back from them.