Olympus Pwned By Ransomware

Japanese tech giant Olympus has apparently become the victim of a ransomware attack:

Olympus said in a brief statement that it is “currently investigating a potential cybersecurity incident” affecting its European, Middle East and Africa computer network.

“Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue. As part of the investigation, we have suspended data transfers in the affected systems and have informed the relevant external partners,” the statement said.

But according to a person with knowledge of the incident, Olympus is recovering from a ransomware attack that began in the early morning of September 8. The person shared details of the incident prior to Olympus acknowledging the incident on Saturday.

The people allegedly behind the attack are apparently the BlackMatter group. Here’s what you need to know about them:

BlackMatter is a ransomware-as-a-service group that was founded as a successor to several ransomware groups, including DarkSide, which recently bounced from the criminal world after the high-profile ransomware attack on Colonial Pipeline, and REvil, which went silent for months after the Kaseya attack flooded hundreds of companies with ransomware.


Groups like BlackMatter rent access to their infrastructure, which affiliates use to launch attacks, while BlackMatter takes a cut of whatever ransoms are paid. Emsisoft has also found technical links and code overlaps between Darkside and BlackMatter.

Here’s what Director of Strategic Threat at Darktrace, Marcus Fowler had to say:

The ransomware attack on Olympus continues the trend that no organization, irrespective of size or industry, is immune from cyber-threats. The group responsible for the Olympus attack is assessed to be BlackMatter, a newer ransomware-as-a-service group. BlackMatter is said to be born out of DarkSide, the hacking group responsible for the Colonial Pipeline attack. In the aftermath of the Colonial attack, the Biden Administration’s designation of ransomware as a national security threat most likely resulted in the dissolution of DarkSide, and this may be a new trend of these hacking groups being more temporary to distract from a government focus on any one group. Over the long-term this could make it even more difficult for the intelligence community and law enforcement to target and dismantle these groups.

The emergence of ransomware-as-a-service and double extortion ransomware has made this kind of cybercrime more efficient and profitable for cybercriminals. As ransomware attacks increase globally across industries, traditional approaches to cyber security are no longer good enough. Ransomware attacks move so rapidly across an organization’s digital environment to disable systems and encrypt files that they outpace a human security team’s ability to respond. By the time organizations like Olympus have managed to detect and “mobilize a specialized response team” – the damage has already been done. The reality is that you can’t stop breaches – but you can prevent the disruption they cause. This is why organizations are increasingly turning to AI and ‘autonomous response’ technology that is capable of pinpointing anomalous, threatening activity in real time and interrupting the threat before it escalates to a full-blown attack.

I’ve said this many times before, but companies are now running out of time to make sure that their cyber defenses are in tip top shape. If they don’t do anything substantive to protect themselves, I’ll be writing about them and the fact that they got pwned in due course.

One Response to “Olympus Pwned By Ransomware”

  1. […] recently wrote about the fact that the EMEA operations for Olympus were pwned by a ransomware attack. Well, it’s happened again. And I am not sure how I missed […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: