Olympus confirms ransomware attacks from the threat group identified as “BlackMatter”, a successor of popular hackers. The new group comes after various groups of hackers have terrorized different companies in the past.
The former president of Olympus Corporation, Hiroyuki Sasa has announced that after the ransom attack, the company’s medium-term vision for the next five years is to cut its workforce to book a profit this year. This move is expected to help the company recover from a loss cover-up scandal.
The company is doing its best to investigate the ransomware attack. They released an official statement where they explained their status and side for what actually happened. As per initial investigations, it was released that the incident was centered on Europe, the Middle East, and the African regions.
Though the company took a long time to release an official statement, Olympus claimed that the company is currently looking into the problem and is trying to get to the bottom of the matter to understand the cause and the affected tech.
As per TechCrunch, the primary suspect would be “BlackMatter”, ransomware for a service group that is considered to be walking the footsteps of Revil and DarkSide. The country is further expected to face more attacks in the future. However, both the government and the tech companies are working to tackle the issue.
Cause of Olympus ransomware attackby BlackMatter
After the breach detection, the company claimed that it instantly mobilized a response team that would look into the hack and identifies the reasons behind it. No other reason was stated by the company.
Moreover, the statement gives little clue about what service was affected within the company. Olympus is renowned as a multinational Japanese technology company that focuses on producing optics and reprography products.
It is popular for its cameras which have been used in the photography industry and other forms of media.
BlackMatter Ransomware Group
BlackMatter group is currently being closely watched by the authorities as it is a primary suspect in the recent ransomware attack on Olympus.
While nothing has been confirmed by both BlackMatter and Olympus, the incident shows a massive upcoming threat against tech companies.
A ransom note however was left on infected computers that claimed to be from the BlackMatter ransomware group.
The note read, “Your network is encrypted, and not currently operational”. It further read that if the company agreed to pay, they would provide Olympus with the programs for decryption.
The note included a web address to a site that could be accessed only through the Tor Browser that is known to be used by the BlackMatter group to communicate with its victim.
The threat was analyzed by a threat analyst and ransomware expert Brett Callow. He told that the site in the ransom note is linked to the BlackMatter group.
BlackMatter is a ransomware group, a successor to several ransomware groups including DarkSide. Both attacks caught the attention of the U.S. government. The authorities promised to take strict action if any critical infrastructure was hit again due to the attack.