by John R. Fischer, Senior Reporter | October 13, 2021
A cyberattack Sunday forced medical technology company Olympus to shut down its IT systems in the U.S., Canada and Latin America.
The company publicly disclosed the attack two days after it occurred. It did not say whether customer or company data was accessed or stolen, but said it would provide updates with new information as soon as possible, technology news outlet Bleeping Computer reported.
"We are working with appropriate third parties on this situation and will continue to take all necessary measures to serve our customers and business partners in a secure way," said Olympus in a statement. "Protecting our customers and partners and maintaining their trust in us is our highest priority."
So far, an ongoing investigation by Olympus has found no evidence of data loss. The company says that the incident was restricted to the Americas, that there is no known impact to any other world region, and that it has informed all relevant external partners. It did not disclose the attacker’s identity, but ransom notes found on the impacted systems indicate that BlackMatter ransomware operators were responsible, according to Bleeping Computer.
A fairly new group, BlackMatter claims to target only large enterprises with attacks that combine the most effective features of several other ransomware strains, including REvil and DarkSide. It operates as a profit-sharing Ransomware-as-a-Service provider, according to Erich Kron, security awareness advocate for KnowBe4, initiating attacks via affiliates while the main developers maintain the required infrastructure to support the ransomware and work to enhance it.
"Because ransomware is spread most often through phishing emails, organizations should ensure they have a high-quality security awareness program in place that includes a way to report suspected phishing emails to the security team," Kron said in a statement. "In addition, Data Loss Prevention (DLP) controls should be in place to stop the exfiltration of data, and good, tested backups are critical for the recovery phase."
The attack is the second to hit Olympus in less than two months. A previous incident took place in early September on its EMEA (Europe, Middle East, Africa) IT systems.
The FBI and CISA said in a joint advisory in August that they "observed an increase in highly impactful ransomware attacks occurring on holidays and weekends, when offices are normally closed in the United States, as recently as the Fourth of July holiday in 2021."