Olympus is recovering from a ransomware attack that began in the early morning of September 8. Olympus manufactures optical and digital reprography technology for the medical and life sciences industries head quarters in Japan.
A ransom note left behind on infected computers claimed to be from the BlackMatter ransomware group. “Your network is encrypted, and not currently operational, If you pay, we will provide you the programs for decryption.” The ransom note also included a web address to a site accessible only through the Tor Browser that’s known to be used by BlackMatter to communicate with its victims.
BlackMatter is a ransomware-as-a-service group that was founded as a successor to several ransomware groups, including DarkSide, which recently bounced from the criminal world after the high-profile ransomware attack on Colonial Pipeline, and REvil, which went silent for months after the Kaseya attack flooded hundreds of companies with ransomware.
Groups like BlackMatter rent access to their infrastructure, which affiliates use to launch attacks, while BlackMatter takes a cut of whatever ransoms are paid. Emsisoft has also found technical links and code overlaps between Darkside and BlackMatter.