{
	"id": "24394a22-b042-40a4-afa7-f079cc29d6ae",
	"created_at": "2026-04-06T00:08:50.099667Z",
	"updated_at": "2026-04-10T13:12:39.28863Z",
	"deleted_at": null,
	"sha1_hash": "16b9a68f04adce4cdfc6fa6790c0064b221655db",
	"title": "BlackMatter ransomware hits medical technology giant Olympus",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 841718,
	"plain_text": "BlackMatter ransomware hits medical technology giant Olympus\r\nBy Sergiu Gatlan\r\nPublished: 2021-09-13 · Archived: 2026-04-05 16:57:53 UTC\r\nImage: Olympus\r\nOlympus, a leading medical technology company, is investigating a \"potential cybersecurity incident\" that impacted some of\r\nits EMEA (Europe, Middle East, Africa) IT systems last week.\r\nOlympus has more than 31,000 employees worldwide and over 100 years of history developing for the medical, life\r\nsciences, and industrial equipment industries.\r\nhttps://www.bleepingcomputer.com/news/security/blackmatter-ransomware-hits-medical-technology-giant-olympus/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/blackmatter-ransomware-hits-medical-technology-giant-olympus/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nThe company's camera, audio recorder, and binocular divisions have been transferred to OM Digital Solutions, which has\r\nbeen selling and distributing these products starting with January 2021.\r\nCustomer security not affected by the attack\r\n\"Olympus is currently investigating a potential cybersecurity incident affecting limited areas of its EMEA (Europe, Middle\r\nEast, Africa) IT systems on September 8, 2021,\" the company said in a statement published Saturday, three days after the\r\nattack.\r\n\"Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts,\r\nand we are currently working with the highest priority to resolve this issue.\r\n\"As part of the investigation, we have suspended data transfers in the affected systems and have informed the relevant\r\nexternal partners.\"\r\nOlympus also said that it's working on discovering the extent of the damage resulting from this attack and will share\r\nadditional info as soon as it is available.\r\nChristian Pott, company spokesperson responsible for Olympus corporate matters, also told BleepingComputer that\r\ncustomer security and service were not affected by the incident.\r\n\"The support, service and security of our customer has the highest priority and is not effected by this case,\" an Olympus\r\nspokesperson told BleepingComputer when contacted via email.\r\n\"Please understand, that we cannot give any further information or statement due to the ongoing process of internal and\r\nexternal investigation.\"\r\nSigns of a BlackMatter ransomware attack\r\nWhile Olympus did not share any details on the attackers' identity, ransom notes left on systems impacted during the breach\r\npoint to a BlackMatter ransomware attack, as first reported by TechCrunch.\r\nThe same ransom notes also point to a Tor website the BlackMatter gang has used in the past to communicate with victims.\r\nBlackMatter is a relatively new ransomware operation that surfaced at the end of July 2021 and was initially believed to be\r\na rebrand of DarkSide ransomware.\r\nFrom samples collected by researchers after some of their subsequent attacks, it was later confirmed that\r\nBlackMatter ransomware's encryption routines were the same custom and unique ones that DarkSide used.\r\nThe DarkSide operation shut down after attacking and shutting down Colonial Pipeline due to pressure from\r\nboth international law enforcement and the US government.\r\nUpdate September 14, 07:27 EDT: In a new statement, Olympus describes the incident as \"an attempted malware attack\"\r\nthat impacted the company's EMEA sales and manufacturing networks. \r\nWe can confirm that the incident on September 8, 2021 was an attempted malware attack affecting parts of our sales and\r\nmanufacturing networks in EMEA (Europe, Middle East, and Africa). [..] We have reported the incident to the relevant\r\ngovernment authorities.\r\nAccording to the results of the investigation so far, no evidence of loss, unauthorized use or disclosure of our data has been\r\ndetected. There is also no evidence that the cybersecurity incident affected any systems outside of the EMEA region.\r\nhttps://www.bleepingcomputer.com/news/security/blackmatter-ransomware-hits-medical-technology-giant-olympus/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-hits-medical-technology-giant-olympus/\r\nhttps://www.bleepingcomputer.com/news/security/blackmatter-ransomware-hits-medical-technology-giant-olympus/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-hits-medical-technology-giant-olympus/"
	],
	"report_names": [
		"blackmatter-ransomware-hits-medical-technology-giant-olympus"
	],
	"threat_actors": [],
	"ts_created_at": 1775434130,
	"ts_updated_at": 1775826759,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/16b9a68f04adce4cdfc6fa6790c0064b221655db.pdf",
		"text": "https://archive.orkl.eu/16b9a68f04adce4cdfc6fa6790c0064b221655db.txt",
		"img": "https://archive.orkl.eu/16b9a68f04adce4cdfc6fa6790c0064b221655db.jpg"
	}
}