Medical technology giant Olympus has recently been investigating what it referred to as a “potential cybersecurity incident” that negatively affected some of its IT systems for the company’s operations in three regions – Africa, the Middle East and Europe.

With over 30,000 employees on its payroll worldwide, Olympus has been developing solutions for the life sciences and industrial equipment sectors for over a century.

Olympus’s audio recorder, binocular and camera divisions have now been transferred over to OM Digital Solutions, an operation that since January this year has been distributing and selling these products.

Quick action following a cyberattack

A recent statement by the tech firm, issued three days following the cyberattack, commented on the event and its response:

“Olympus is currently investigating a potential cybersecurity incident affecting limited areas of its EMEA (Europe, Middle East, Africa) IT systems on September 8, 2021. Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue.”

It added that as a part of its ongoing investigation, it had suspended all data transfers within the impacted systems and informed relevant external partners who may have been affected.

Olympus also commented that it was working on uncovering just how much damage had been caused by the attack and would share additional information once it was made available.

Christian Pott, an Olympus spokesperson for corporate matters, reported that neither customer service nor security was impacted by the attack.

Evidence suggests a BlackMatter ransomware strike

Although Olympus gave no specific details on its attackers’ identity, the ransom notes left behind on the systems impacted in the breach suggest the tech company was a victim of a ransomware attack conducted by BlackMatter.

The ransom notes also direct victims to a dedicated Tor website that the BlackMatter ransomware gang has employed on previous occasions for correspondence and negotiations with victims following an attack.

A later update issued by Olympus confirmed the nature of the attack it suffered:

“We can confirm that the incident on September 8, 2021, was an attempted malware attack affecting parts of our sales and manufacturing networks in EMEA (Europe, Middle East, and Africa). We have reported the incident to the relevant government authorities.”

Relatively new on the ransomware scene, the BlackMatter operation first surfaced towards the end of July this year. Cybersecurity experts believe that the BlackMatter ransomware gang was in fact a rebrand of the infamous DarkSide operation that shut down its operations following its attack on the US’s Colonial Pipeline. While the high-profile nature of the attack earned the group kudos from its peers in the cybercriminal world, it also increased the attention of the US government and international authorities on DarkSide’s activities.

Fearing capture, DarkSide appeared to disband and shut down. However, analysis of BlackMatter’s attacks revealed numerous similarities to the DarkSide gang’s modus operandi – for example, the unique and bespoke encryption routines used in ransomware attacks proved identical.