Tech giant Olympus suffers second cyber attack in weeks

Olympus, a technology manufacturing giant specialising in medical systems, life science and industrial solutions, has confirmed it is once again the victim of a cyber attack, one which has forced the company to shut down IT systems in North and South America.  This attack comes only weeks after the technology giant suffered a ransomware attack by the BlackMatter threat group.  

In a news release on Tuesday, Olympus stated that it was “currently investigating a potential cybersecurity incident detected October 10”, have “mobilized a specialized response team including forensics experts” and are “working with the highest priority to resolve this issue”. They said that they had “suspended affected systems” as part of the investigation and containment. 

So far, the incident appears to be “contained to the Americas with no known impact to other regions”. 

Olympus said they are “working with appropriate third parties on this situation” and that they “will continue to take all necessary measures to serve our customers and business partners in a secure way. Protecting our customers and partners and maintaining their trust in us is our highest priority.” 

The company apologised “for any inconvenience this has caused”. 

The statement is eerily similar to the one last month when Olympus suffered a ransomware attack, forcing its European, Middle East and Africa (EMEA) networks offline. At the time, Olympus had stated that there was “no evidence of loss, unauthorized use or disclosure of our data has been detected” and also “no evidence that the cybersecurity incident affected any systems outside of the EMEA region”. 

Is it BlackMatter? 

Having only just recovered from a previous cyber attack, Olympus could appear to have had unlucky past few weeks in regards to cybersecurity, and it may not be a coincidence. 

When the first attack in September occurred, the ransom note left behind on infected systems was quickly attributed to the BlackMatter ransomware-as-a-service threat group, a group who has also been linked with the cyber attack against New Cooperative which occurred around the same time. Black Matter has previously been linked to another ransomware group called DarkSide, the infamous threat group that seemingly shut down after their successful cyber attack against the US Colonial Pipeline. 

Despite BlackMatter’s claim that they would not attack hospitals, it seems that medical technology companies that provide them life-saving equipment and innovations didn’t make the list. 

Brett Callow, a ransomware expert and threat analyst for Emsisoft, a New Zealand-based anti-virus distributed software company, told TechCrunch that due to the attack occurring on the weekend there is an increased likelihood it is a repeat attack and that “if it is ransomware, whether it’s BlackMatter again is impossible to say” but “It certainly could be, or the affiliate responsible for the attack on the EMEA operations could have chosen to deploy different ransomware this time”. 

Lightning striking twice 

Regardless of whether or not BlackMatter is responsible for this latest attack, repeat cyber attacks against previous victims are all too common.  

According to the Crowdstrike Services Cyber Frontline report, 68 percent of companies encountered another sophisticated intrusion attempt within 12 months of a previous. This can often be due to hackers knowing that these companies have been exploited before and hoping the same vulnerabilities, or at least similar one, remain in their systems and networks. It may also be that a back door has been missed. 

Notably, it was found in a report by Cybereason showed that 80 percent of companies that paid the ransom were hit again, and this was often by the same threat actors. By paying ransoms, companies often end up advertising to threat actors that they’re a lucrative victim to exploit. 

If a company is successfully compromised by a hack, there is even more of a target on their backs than usual due to it advertising that fact, encouraging malicious actors to have another go at them. This emphasises the fact that companies who have suffered a breach of their security system need to be especially rigorous with their cybersecurity in order to prevent themselves being overwhelmed by attempts from cybercriminals. 

At time of publication, Olympus has not yet confirmed if the infamous BlackMatter ransomware group are also responsible for this attack, although has said its investigation is currently on-going and that they “will continue to provide updates as new information becomes available”.