European IT giant Sopra Steria hit by ransomware attack

Sopra Steria, a major European IT company responsible for consulting, technical support, and helping clients with digital transformation, has reported it was hit with a cyberattack that appears to be ransomware-related. The Paris-based company issued an alert on Oct. 21 that their internal network had been compromised. The notice reads as follows:

A cyberattack has been detected on Sopra Steria’s IT network on the evening of 20th October. Security measures have been implemented in order to contain risks. The Group’s teams are working hard for a return to normal as quickly as possible and every effort has been made to ensure business continuity. Sopra Steria is in close contact with its customers and partners, as well as the competent authorities.

The notice does not explicitly name ransomware as the culprit. One could infer it from the description of the attack, but that would be mere conjecture. The ransomware connection was made by third-party sources in the cybersecurity community, and that information was then reported in the media.

Sources with inside knowledge of the attack told two media outlets about the ransomware. First, Bleeping Computer’s Lawrence Abrams was informed by an anonymous source that the attack was caused by Ryuk, an infamous ransomware known for high-profile attacks against the medical industry. This was then confirmed by another source, this time the French IT news service LeMagIT. When translated into English, the LeMagIT report states the following on the Sopra Steria incident and Ryuk’s involvement:

Two sources tell us that the ransomware involved is none other than Ryuk. Surprisingly, researcher JamesWT_MHT found a copy of an executable on VirusTotal that has been confirmed by two sources to be used internally at ESN for generating email signatures. It could prove invaluable in targeted phishing campaigns.

Since the investigation is ongoing, it is unknown how this ransomware made its way into Sopra Steria’s network. A negligent employee most likely downloaded a malicious file with Ryuk as an executable, but again, this is merely conjecture at the moment.

Any relevant, major updates on this story will be reported on accordingly.

Featured image: Flickr / After Sales

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to information security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
