‘Olympus Europe has been hit by BlackMatter ransomware’

The European branch of Olympus, a manufacturer of medical equipment, among other things, is dealing with a ransomware attack, according to TechCrunch sources. Olympus itself says it is investigating a ‘potential cybersecurity incident’.

According to Olympus, the incident affects a limited part of the systems of the EMEA business unit. The company writes in a statement that after detecting suspicious activity on September 8, it immediately engaged a response team and is working on solving the problem. The scale of the incident is still under investigation, according to the manufacturer.

Olympus won’t give any substantive details, but a source with knowledge of the incident told TechCrunch that the company is dealing with a ransomware attack that began on the morning of September 8. The attackers allegedly encrypted an Olympus network and demanded a ransom to undo it. The amount demanded is unknown.

The way the ransom is demanded, via a site only accessible with the Tor browser, would indicate that the BlackMatter group is behind the attack. An Emsisoft ransomware expert who has seen details tells TechCrunch.

BlackMatter is said to be the successor to several ransomware-as-a-service groups, such as DarkSide and REvil. Those two were behind the attacks on Colonial Pipeline and Kaseya, respectively. More than 40 ransomware attacks attributable to BlackMatter have been observed since June, according to EmsiSoft.