Sopra Steria, a major European IT company responsible for consulting, technical support, and helping clients with digital transformation, has reported it was hit with a cyberattack that appears to be ransomware-related. The Paris-based company issued an alert on Oct. 21 that their internal network had been compromised. The notice reads as follows:
A cyberattack has been detected on Sopra Steria’s IT network on the evening of 20th October. Security measures have been implemented in order to contain risks. The Group’s teams are working hard for a return to normal as quickly as possible and every effort has been made to ensure business continuity. Sopra Steria is in close contact with its customers and partners, as well as the competent authorities.
The notice does not explicitly name ransomware as the culprit. One could infer it from the description of the attack, but that would be mere conjecture. The ransomware connection was made by third-party sources in the cybersecurity community and was then reported in the media.
Sources with inside knowledge of the attack told two media outlets about the ransomware. First, Bleeping Computer’s Lawrence Abrams was informed by an anonymous source that the attack was caused by Ryuk, an infamous ransomware known for high-profile attacks against the medical industry. This was then confirmed by another source, this time the French IT news service LeMagIT. When translated into English, the LeMagIT report states the following on the Sopra Steria incident and Ryuk’s involvement:
Two sources tell us that the ransomware involved is none other than Ryuk. Surprisingly, researcher JamesWT_MHT found a copy of an executable on VirusTotal that has been confirmed by two sources to be used internally at ESN for generating email signatures. It could prove invaluable in targeted phishing campaigns.
Since the investigation is ongoing, it is unknown how this ransomware made its way into Sopra Steria’s network. A negligent employee most likely downloaded a malicious file with Ryuk as an executable, but again, this is merely conjecture at the moment.
Any relevant, major updates on this story will be reported on accordingly.