Technology giant Olympus is the latest company investigating an attack by the BlackMatter ransomware group. The company’s EMEA computer network was hit on Sept. 8, 2021, and it is currently in the recovery process.
The ransom note allegedly stated: “Your network is encrypted, and not currently operational. If you pay, we will provide you the programs for decryption.”
The ransom note also included a website link accessible only through the Tor Browser that BlackMatter is known to use to communicate with its target organizations. Cyber experts weighed in on this latest high-profile ransomware attack.
Ralph Pisani, President, Exabeam
“Ransomware remains a security Achilles heel. Understanding ‘normal’ versus ‘abnormal’ behavior sheds light on the presence of ransomware and its precursor problems, yet far too few organizations are able to see the canary in the coal mine.
However, organizations that work to understand the cycle of compromise, taking the time to understand normal behavior, will uncover the ransomware as abnormal before it strikes. If organizations are serious about ransomware, they must up-level their capability to manage intrusions; a leading method of adoption is user and entity behavior analytics (UEBA) to detect behavioral deviation and spot malicious activity at far earlier stages of an attack.
Since ransomware is the product of earlier undetected intrusions, the window of opportunity for disruption and removal is small. Commodity security tools require too many static rules, generate far too many false positives, and do more harm than good. Organizations without advanced analytics will struggle to get ahead and are extremely vulnerable to the negative outcomes of ransomware.”
Duncan Jones, Head of Quantum Security, Cambridge Quantum