Japanese tech company Olympus is investigating “potential cybersecurity incidents” affecting business units in Europe, the Middle East and Africa (EMEA).
In a press statement released over the weekend, the company said it detected suspicious activity in computer systems on September 8 and “immediately mobilized a dedicated response team, including forensic experts.”
As a precautionary measure, data transfer on the affected machine was suspended and the relevant external partners were notified of the incident.
Olympus states that it is currently working to identify the scope of the breach and resolve the issue as soon as possible. The company apologized to everyone affected as a result of the incident.
Olympus is a Tokyo-based multinational company with more than 31,600 employees worldwide. It specializes in the manufacture of various scientific and medical devices such as ultrasound and microscope tools. Olympus was a pioneer in both analog and digital cameras, but sold its camera division earlier this year.
Olympus did not provide information about the nature of the cyber incident or the people behind the attack, but sources with knowledge of the matter told TechCrunch that the company was the victim of a ransomware attack from the BlackMatter blackmail group.
The attacker left notes on the encrypted systems and promised to decrypt them in exchange for payment, according to TechCrunch's sources.
“Your network is encrypted and isn’t working right now,” the note says.
“If you pay, we will provide you with a program for decryption.”
The ransom note was also said to instruct the recipient to access a web page, reachable only from the Tor browser, that the BlackMatter group uses to communicate with its victims.
According to security experts, the BlackMatter ransomware group is an improved version of DarkSide, a Russia-based group that encrypted the computer systems of Colonial Pipeline in May.
The shutdown of the Colonial system caused a panic in the southeastern United States, where residents were seen lining up for hours at petrol pumps for fear of fuel shortages. Gasoline prices rose due to the fuel supply turmoil, and some stations ran out of fuel.
Bloomberg reports that Colonial Pipeline paid the DarkSide gang a ransom of about $5 million a few hours after the company’s systems began to lock up. After receiving the payment, the ransomware operator provided the company with a decryption tool to restore the disabled computer network.
BlackMatter is also linked to the REvil group. The REvil group used a zero-day bug in Kaseya’s VSA remote management tool to encrypt approximately 60 managed service providers and more than 1,500 small business customers in a major supply chain strike in the first week of July.
However, the gang disappeared from the internet on July 13. It abandoned its forum, disconnected its servers, and shut down its dark web presence. Experts said the Russian government had shown the world that it had stopped the group and was working with the US government.
After being offline for about two months, many of REvil’s dark web servers resurfaced a few days ago, raising concerns that the group might be preparing for a new attack.
Security researchers said the group’s Happy Blog data breach site and Tor payment/negotiation portal suddenly returned to the dark web.
REvil’s payment portal has also re-emerged, allowing victims to negotiate with group operatives, but it doesn’t seem to be fully functional yet.