Technology giant Olympus is the latest company investigating an attack by the BlackMatter ransomware group. The company’s EMEA computer network was hit on Sept. 8, 2021, and it is currently in the recovery process.
The ransom note allegedly stated: “Your network is encrypted, and not currently operational. If you pay, we will provide you the programs for decryption.”
The ransom note also included a website link accessible only through the Tor Browser that BlackMatter is known to use to communicate with its target organizations. Cyber experts weighed in on this latest high-profile ransomware attack.
Ralph Pisani, President, Exabeam
"Ransomware remains a security Achilles heel. Understanding ‘normal’ versus ‘abnormal’ behavior sheds light on the presence of ransomware and its precursor problems, yet far too few organizations are able to see the canary in the coal mine.
However, organizations that work to understand the cycle of compromise, taking the time to understand normal behavior, will uncover the ransomware as abnormal before it strikes. If organizations are serious about ransomware, they must up level their capability to manage intrusions; a leading method of adoption is user and entity behavior analytics (UEBA) to detect behavioral deviation and spot malicious activity at far earlier stages of an attack.
Since ransomware is the product of earlier undetected intrusions, the window of opportunity for disruption and removal is small. Commodity security tools require too many static rules, generate far too many false positives, and do more harm than good. Organizations without advanced analytics will struggle getting ahead and are extremely vulnerable to the negative outcomes of ransomware."
Duncan Jones, Head of Quantum Security, Cambridge Quantum
“The ransomware attack on Olympus is the latest example of cybercriminals exploiting corporate data for monetary gain. Attackers are more driven than ever, and adversarial nation states are increasingly supporting them, meaning future attacks will continue leveraging cutting-edge techniques and will only increase in severity. At some point, quantum computers will be in the tool-kit of these hackers. That’s why quantum-based cryptography should be implemented to ensure optimum encryption today and when quantum computers are powerful enough to easily break encryption standards.”
Danny Lopez, CEO, Glasswall
"Reports of ransomware hitting technology companies are especially troubling, given the importance of the work being done by these types of organisations. While there is still speculation on the exact details of the attack, it is still worth underlining the importance of good security practice.
Organisations need to adopt robust processes for onboarding and offboarding employees and affiliates that may receive access to key information systems. It's vital to control privileged access and to monitor those that enjoy that administrator privilege. Ensuring that multi-factor authentication is enforced wherever possible is a vital defence where user credentials find their way into the public domain. This will help to limit the blast radius, and in most cases, defeat the data breach.
Even if all procedures and policies are well executed, there's no escaping the fact that adversaries are constantly looking to probe vulnerabilities and to insert malware into the environment, often using everyday business documents which we all use. It's vital that technology organisations invest in cyber protection services that stay ahead of attackers by eliminating the threats while still allowing employees to do their vital work.
Attacks like these demonstrate that a traditional castle-and-moat approach to network security leaves organisations exposed. Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network. In a world where data can be held amongst multiple cloud providers it is crucial to strengthen all processes relating to access verification. Without a zero trust approach organisations run the risk of attackers having a free rein across a network once they are inside."
Alex Pezold, CEO, TokenEx
"It is clear that ransomware attacks and other attempts to breach data stores are growing more frequent than ever, so every organization must have a plan for what data to protect, and how to build resilience into company systems so they can 'reboot,' if needed."
Neil Jones, Cybersecurity Evangelist, Egnyte
"The recent cyberattack on technology giant Olympus represents a major wake-up call–no large global corporation should consider itself exempt from ransomware attacks. Senior executives and IT leaders should also be aware that no technological solution is 100% effective, but a large percentage of ransomware attacks can be prevented with diligent preparation.
Unfortunately, even in technologically sophisticated organizations like Olympus, the methods and tools being employed don't meet the security and control needs to combat today’s threats. Security must be viewed as much more than a checklist. The best solutions fit in a broader sense of governance but still make it easy to share files with anyone, without compromising users' security and control.
The reality is that all content and communications are vulnerable without proper data governance, and it’s imperative that organizations protect the data itself. This type of security incident occurs regularly, particularly to multinational companies that have a natural target on them because of their size and the mission-critical systems they use to communicate with thousands of global employees on a daily basis. If secure file collaboration tools with suspicious log-in capabilities are implemented correctly, they can render cybercriminal attacks ineffective. Used in a case like this where adversaries were able to infiltrate the network and impact business activities, the systems themselves would have been inaccessible to outsiders, and the company's valuable data would have remained protected."