Chris Swagler | September 17th, 2021


An investigation is currently underway into a potential cybersecurity breach at a leading medical technology company, Olympus, that impacted some IT systems in Europe, the Middle East, and Africa. Olympus has been developing medical, life sciences, and industrial equipment for the medical industry for over 100 years and has over 31,000 employees worldwide.

Olympus immediately deployed a specialized response team including forensics experts the moment they detected suspicious activity. All data transfers in the affected systems are suspended as part of the investigation and Olympus has contacted their external partners. They are currently working to discover the extent of the damage from the ransomware attack and will release additional information the moment it becomes available.

Although Olympus did not share information on the threat actor’s identity, ransom notes left on the affected systems point to the BlackMatter ransomware group and to a Tor website the group previously used to communicate with victims.

At the end of July 2021, the group appeared as a new ransomware operation that many believed was a rebrand of the DarkSide ransomware. Researchers who collected samples from previous attacks confirmed that the encryption routines used by both ransomware groups were the same. The DarkSide ransomware group shut down its operations due to intense pressure from the United States government and international law enforcement after the attack on the Colonial Pipeline.

With the appearance of old ransomware groups under new names targeting high-profile companies like Olympus, staying current with the latest threat landscape is crucial in protecting your company’s network. Having an advanced security team like SpearTip incorporated is important to your company because we continuously monitor every aspect of your company’s network system for potential breaches.

Our pre-breach and advisory services help your company understand and locate the weak points within your network. Our Security Operations Center as a Service (SOCaaS) provides clients with access to our certified engineers working 24/7 to block threat actors from penetrating your organization. In addition to our Security Operations Center, our endpoint detection and response tool, ShadowSpear, detects new threats early and blocks them in their tracks.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.