Russian ransomware group reportedly behind Olympus attack

ID theft
(Image credit: Future)

A supposed ongoing ransomware operation against camera giant Olympus is the work of the notorious Russia-based Evil Corp, according to reports.

Based on information from two anonymous sources with knowledge of the incident, TechCrunch says the attack was caused by the Macaw malware, a variant of the WastedLocker malware, both of which are created by Evil Corp.

The ongoing campaign, which began on October 10, and has encrypted Olympus’ systems in the US, Canada and Latin America, follows an earlier BlackMatter-orchestrated attack on the camera giant in September that encrypted its infrastructure across the European, Middle East and Africa regions.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> <a href="https://project.tolunastart.com/tqsruntime/main?surveyData=LFFFsT0HpgsyUe0tTFumBJohXK8Sedt0ARpsCF4DRGR+oCoVbvd+2+d8+UNIIx4L" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window <<

While Olympus has acknowledged that the October 10 “incident” has caused disruptions, it hasn’t commented on the nature of the attack.

Repeat victims

However, Olympus’ statement inadvertently hints to the fact that it has possibly been attacked by ransomware.

“The nature and scope of the incident is under further investigation and we continue to learn additional details, including the likelihood of data exfiltration,” read the statement. 

Data exfiltration is part of the double-extortion strategy employed by most ransomware operatives, who, in addition to encrypting their victim’s files, also extract a copy of the sensitive ones, which they threaten to release to their competitors. 

Allan Liska, a senior threat analyst at security firm Recorded Future, told TechCrunch that the Macaw malware leaves behind a ransom note on hacked computers that claims to have stolen data from its victims, lending credence to the claims of the anonymous sources.

Unlike Olympus, the Sinclair Broadcast Group, which owns or operates 185 television stations across more than 80 markets, did acknowledge last week that the Macaw malware led to severe disruptions.

Via TechCrunch

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.