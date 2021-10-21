CENTER VALLEY, Pa. - Olympus, which has a corporate office in Center Valley, says it experienced a cyberattack on Oct. 10.
The attack affected its business operations in the Americas(U.S., Canada, and Latin America), but did not impact its operations in other regions, the company said in a news release on its website.
The company works to create customer-driven solutions for the medical, life sciences, and industrial equipment industries, according to its website.
"While we are experiencing temporary disruptions to our business operations in the Americas, we are making steady progress towards ensuring that we can quickly return to providing an uninterrupted supply of our products and services for our customers and their patients," the company said in its news release.
The company says it reported the hack to law enforcement authorities "and will continue to take all necessary measures to serve our customers and business partners in a secure way."
The “ongoing” cyberattack against the company was caused by a Russian ransomware group sanctioned by the U.S. government, according to TechCrunch, which cites two people with knowledge of the incident.
A new malware variant known as Macaw was used in the attack that began on Oct. 10, which encrypted Olympus’ systems in the U.S., Canada and Latin America, according to TechCrunch. Macaw is a variant of the WastedLocker malware, both of which were created by Evil Corp., a Russia-based crime group that was subject to U.S. Treasury sanctions in 2019.
It’s the second ransomware attack to hit the company in as many months, after its networks in Europe, the Middle East and Africa were knocked offline by the BlackMatter ransomware group in September, according to TechCrunch. (BlackMatter and Evil Corp. are not known to be linked.)
“Olympus was hit by BlackMatter last month and then hit by Macaw a week or so ago,” Allan Liska, a senior threat analyst at security firm Recorded Future, told TechCrunch. Liska said that the Macaw malware leaves behind a ransom note on hacked computers that claims to have stolen data from its victims.
TechCrunch says Olympus spokesperson Jennifer Bannan declined to say if the company paid the ransom.
TechCrunch says Treasury sanctions make it more difficult for companies based or operating in the United States to pay a ransom to get their files back, since U.S. nationals are "generally prohibited" from transacting with sanctioned entities. Evil Corp. has renamed and modified its malware several times to circumvent U.S. sanctions.