A cyberattack Sunday forced medical technology company Olympus to shut down its IT systems in the U.S., Canada and Latin America.
The company publicly disclosed the attack two days after it occurred. It did not mention if customer or company data was accessed or stolen but said it would provide updates with new information as soon as possible, reported technology news outlet, Bleeping Computer
"We are working with appropriate third parties on this situation and will continue to take all necessary measures to serve our customers and business partners in a secure way," said Olympus in a statement. "Protecting our customers and partners and maintaining their trust in us is our highest priority."
So far, an ongoing investigation by Olympus has found no evidence of data loss. The company says that the incident was restricted to the Americas and that there is no known impact to any other world region, and that it has informed all relevant external partners. It did not disclose the attacker’s identity, but ransom notes found on the systems impacted indicate that BlackMatter ransomware operators were responsible, according to Bleeping Computer.
A fairly new group, BlackMatter claims to target only large enterprises with attacks that combine the most effective features of several other ransomware strains, including REvil and DarkSide. It operates as a profit-sharing Ransomware-as-a-Service provider, according to Erich Kron, security awareness advocate for KnowBe4, initiating attacks via affiliates while the main developers maintain the required infrastructure to support the ransomware and work to enhance it.
"Because ransomware is spread most often through phishing emails, organizations should ensure they have a high-quality security awareness program in place that includes a way to report suspected phishing emails to the security team," Kron said in a statement. "In addition, Data Loss Prevention (DLP) controls should be in place to stop the exfiltration of data, and good, tested backups are critical for the recovery phase."
The attack is the second to hit Olympus in less than two months. A previous incident took place in early September on its EMEA (Europe, Middle East, Africa) IT systems.
The FBI and CISA said in a joint advisory in August that they “observed an increase in highly impactful ransomware attacks occurring on holidays and weekends, when offices are normally closed in the United States, as recently as the Fourth of July holiday in 2021."
In addition to medical technology companies like Olympus, attackers often target healthcare providers and practices. Gastroenterology Consultants, a Texas healthcare provider, revealed last month that it was hit by a cyberattack in January
that primarily compromised the names, addresses and personal health information for a number of patients, as well as Social Security numbers for a smaller number. The practice was criticized for waiting several months to notify over 161,000 patients of the attack.
Not helping is the ongoing COVID-19 pandemic, which has made healthcare companies and providers more vulnerable to cyberattacks over the past two years. Cybersecurity technology company CrowdStrike Intelligence Services revealed earlier this year that the pandemic has led to a rise in data extortion ransomware attacks of up to 580%
in the healthcare sector. It ranked healthcare in the top five most targeted areas by ransomware data extortion in 2020, with 97 incidents reported.