Ex-camera biz Olympus investigating 'suspicious' network activity again a month after ransomware hit

Plus: Extortionist gang threatens victims who talk to the press

Olympus, the Japanese company once known for making cameras, is investigating "suspicious" activity on its networks again – a month after those same networks were ravaged by ransomware.

In a statement issued last night the company said it had "mobilized a specialized response team including forensics experts" in response to a "cybersecurity incident" that was affecting its IT networks across North and South America.

The attack began on 10 October. Affected systems are said to have been "suspended" and affected customers and suppliers informed, said Olympus.

"Protecting our customers and maintaining their trust in us is our highest priority," added the company, which sold its iconic camera business last year. These days it concentrates on medical and scientific optics.

The original ransomware attack in September saw Olympus targeted by the BlackMatter ransomware-as-a-service gang, as reported elsewhere. The Japanese company said last month it was mobilising "a specialised response team including forensics experts," raising suspicions that the latest incident is another ransomware attack.

BlackMatter is a rebrand of the Darkside ransomware gang, which shot to global notoriety after causing the shutdown in May of the US Colonial Pipeline, a major petrochemical conduit for America's east coast. Amid mounting rage from the US and hints that a major reaction from law enforcement was in the pipeline, Darkside claimed it was shutting up shop – only to give the lie to that promise by targeting a school in Doncaster one day later.

Publicity is good except when we don't control it

Ransomware attacks are still prevalent across all sectors of society, though reporting of them has subsided a little in recent months.

A recent rant posted on a Tor-hosted blog by one gang, Conti, promised victims that stolen data would be dumped online for all to see if they spoke to the media – while, of course, reserving the right for the criminals to talk to "respected journalist and researcher personalities" [sic] and brag about their crimes. Some excitable infosec bloggers, and even proper news outlets, have confused contextualised news reporting with the glorification of criminality.

Referring to one recent extortion they carried out, the Conti crims wrote: "However, since the publication [of news about it] happened in the middle of negotiations it resulted in our decision to terminate the negotiations and publish the data."

They added: "If we see a clear indication of our negotiations being sent to the media we will terminate the negotiations and dump all the files on our blog… if we see our chats in public we will also dump your files."

This presents a challenge to some "respected journalist and media personalities" who would log into ongoing ransomware negotiation chats using credentials published by the extortionists for their victims to use, copy the contents and publish them for all to read – inadvertently (one would hope) applying extra pressure to victims at their lowest moments.

Brett Callow, a researcher at anti-ransomware firm Emsisoft, mused to The Register: "There's a difference between the crims disclosing information that it makes sense for them to disclose and security companies and law enforcement getting information which could put a dent in [ransomware gangs'] bottom line. Simple example: some operators will immediately accept a low counter offer. They don't, however, supply a decryptor when the agreed ransom is paid. At this point, they know the company needs that encrypted data, so revert to the initial higher demand."

He added: "This is especially true of crims that use pay-once-use-forever off-the-shelf ransomware. They don't need to look after their reputation, so can do whatever the hell they want." ®


Biting the hand that feeds IT © 1998–2022