Ransomware groups have started making extremely bold choices in their targeting. The healthcare sector has become a top favorite among these gangs since the pandemic struck the world. A prolific ransomware gang named BlackMatter emerged in July and claimed to be the successor of the REvil and DarkSide ransomware. This group has now attacked Olympus and made headlines. In this article, we will discuss the attack and other aspects related to BlackMatter ransomware.

Olympus attack 

Japanese technology giant Olympus was allegedly hit by BlackMatter ransomware on September 8, which affected its IT systems in the EMEA region. An investigation is ongoing; data transfers have been stopped and external parties informed, the company statement claimed.

Connection with BlackMatter

  • The tech giant did not reveal any details about the attacker. However, the ransom notes point toward an attack by BlackMatter. 
  • Moreover, these ransom notes point toward a Tor website that has been used by the threat actor previously for communication with victims. 

REvil incarnated?

  • BlackMatter had shown signs of being the child of REvil and DarkSide. 
  • The gang popped up right after REvil and DarkSide mysteriously disappeared. 
  • While REvil is back in action, experts are unsure of the claim that the gang is operating in full force. As REvil’s core developer—UNKN—disappeared, it is highly unlikely that the existing members would rebuild the group.
  • This latest BlackMatter development points to the possibility that elite REvil operators have merged with this group, leaving the old one reduced to mediocrity.

The bottom line

Federal agencies are warning healthcare and public health sector facilities of potential attacks by BlackMatter. The attack on Olympus is no different from the string of attacks against the healthcare sector since last year. Although BlackMatter claimed to not target critical infrastructure, threat actors are not to be trusted.

Cyware Publisher
