Image: Olympus

Olympus, a leading medical technology company, is investigating a "potential cybersecurity incident" that impacted some of its EMEA (Europe, Middle East, Africa) IT systems last week.

Olympus has more than 31,000 employees worldwide and over 100 years of history developing for the medical, life sciences, and industrial equipment industries.

The company's camera, audio recorder, and binocular divisions have been transferred to OM Digital Solutions, which has been selling and distributing these products starting with January 2021.

Customer security not affected by the attack

"Olympus is currently investigating a potential cybersecurity incident affecting limited areas of its EMEA (Europe, Middle East, Africa) IT systems on September 8, 2021," the company said in a statement published Saturday, three days after the attack.

"Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue.

"As part of the investigation, we have suspended data transfers in the affected systems and have informed the relevant external partners."

Olympus also said that it's working on discovering the extent of the damage resulting from this attack and will share additional info as soon as it is available.

Christian Pott, company spokesperson responsible for Olympus corporate matters, also told BleepingComputer that customer security and service were not affected by the incident.

"The support, service and security of our customer has the highest priority and is not effected by this case," an Olympus spokesperson told BleepingComputer when contacted via email.

"Please understand, that we cannot give any further information or statement due to the ongoing process of internal and external investigation."

Signs of a BlackMatter ransomware attack

While Olympus did not share any details on the attackers' identity, ransom notes left on systems impacted during the breach point to a BlackMatter ransomware attack, as first reported by TechCrunch.

The same ransom notes also point to a Tor website the BlackMatter gang has used in the past to communicate with victims.

BlackMatter is a relatively new ransomware operation that surfaced at the end of July 2021 and was initially believed to be a rebrand of DarkSide ransomware.

From samples collected by researchers after some of their subsequent attacks, it was later confirmed that BlackMatter ransomware's encryption routines were the same custom and unique ones that DarkSide used.

The DarkSide operation shut down after attacking and shutting down Colonial Pipeline due to pressure from both international law enforcement and the US government.

Update September 14, 07:27 EDT: In a new statement, Olympus describes the incident as "an attempted malware attack" that impacted the company's EMEA sales and manufacturing networks. 

We can confirm that the incident on September 8, 2021 was an attempted malware attack affecting parts of our sales and manufacturing networks in EMEA (Europe, Middle East, and Africa). [..] We have reported the incident to the relevant government authorities.

According to the results of the investigation so far, no evidence of loss, unauthorized use or disclosure of our data has been detected. There is also no evidence that the cybersecurity incident affected any systems outside of the EMEA region.

Related Articles:

HelloKitty ransomware rebrands, releases CD Projekt and Cisco data

The Week in Ransomware - April 19th 2024 - Attacks Ramp Up

United Nations agency investigates ransomware attack, data theft

FBI: Akira ransomware raked in $42 million from 250+ victims

UnitedHealth: Change Healthcare cyberattack caused $872 million loss