The European branch of Olympus, a manufacturer of medical equipment, among other things, is dealing with a ransomware attack, according to TechCrunch sources. Olympus itself says it is investigating a ‘potential cybersecurity incident’.
According to Olympus, the incident affects a limited number of the systems of the EMEAbusiness unit. Company writes in a statement that after detecting suspicious activity on September 8, it immediately engaged a response team and is working to resolve the issue. The scale of the incident is still under investigation, according to the manufacturer.
Olympus does not provide substantive details, but a source with knowledge of the incident, says to TechCrunch that the company is dealing with a ransomware attack that began on the morning of September 8. The attackers allegedly encrypted an Olympus network and demanded a ransom to undo it. The amount demanded is unknown.
The way the ransom is demanded, via a site only accessible with the Tor browser, would indicate that the BlackMatter group is behind the attack. An Emsisoft ransomware expert who has seen details tells TechCrunch.
BlackMatter would be the successor to various ransomware-as-a-service-groups, such as DarkSide and REvil. Those two were behind the attacks on Colonial Pipeline and Kaseya, respectively. More than 40 ransomware attacks attributable to BlackMatter have been observed since June, according to EmsiSoft.