Olympus probes apparent cyberattack, its second in less than a month
Japanese technology manufacturer Olympus announced Tuesday that it was investigating “a potential cybersecurity incident” affecting IT systems in the U.S., Canada and Latin America.
The Oct. 12 statement was light on detail but said the “incident” was detected Sunday, Oct. 10. The Tokyo-based company has offices and subsidiaries around the world, which produce and sell equipment such as medical devices and various microscopes.
The issue comes nearly a month after the company was the victim of a ransomware attack affecting its business units in Europe, the Middle East and Africa. That incident was reportedly the work of an attacker affiliated the BlackMatter ransomware group, one of the successor groups of DarkSide, the Russia-based gang behind the Colonial Pipeline attack in May, which became a major discussion point between President Joe Biden and Russian President Vladimir Putin during a bilateral summit in June.
BlackMatter is also linked to REvil, another prolific ransomware extortion group behind a string of attacks earlier this year.
A ransomware expert told TechCrunch Tuesday that it’s not clear whether the Oct. 10 incident was another ransomware attack, but the fact that it occurred on a weekend — a popular time for such attacks to take place— makes it a plausible scenario.
“Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue,” the company said in the Oct. 12 statement. Affected systems have been “suspended,” and currently the company believes “the incident was contained to the Americas with no known impact to other regions.”
A spokesperson for the company said there’s currently no evidence that the that the two incidents are related, but the investigation is ongoing.
Update: This story was updated Oct. 13 to include a response from the company.