Based on information from two anonymous sources with knowledge of the incident, TechCrunch says the attack was caused by the Macaw malware, a variant of the WastedLocker malware, both of which are created by Evil Corp.
The ongoing campaign, which began on October 10, and has encrypted Olympus’ systems in the US, Canada and Latin America, follows an earlier BlackMatter-orchestrated attack on the camera giant in September that encrypted its infrastructure across the European, Middle East and Africa regions.
While Olympus has acknowledged that the October 10 “incident” has caused disruptions, it hasn’t commented on the nature of the attack.
However, Olympus’ statement inadvertently hints to the fact that it has possibly been attacked by ransomware.
“The nature and scope of the incident is under further investigation and we continue to learn additional details, including the likelihood of data exfiltration,” read the statement.
Data exfiltration is part of the double-extortion strategy employed by most ransomware operatives, who, in addition to encrypting their victim’s files, also extract a copy of the sensitive ones, which they threaten to release to their competitors.
Allan Liska, a senior threat analyst at security firm Recorded Future, told TechCrunch that the Macaw malware leaves behind a ransom note on hacked computers that claims to have stolen data from its victims, lending credence to the claims of the anonymous sources.
Unlike Olympus, the Sinclair Broadcast Group, which owns or operates 185 television stations across more than 80 markets, did acknowledge last week that the Macaw malware led to severe disruptions.