French IT giant Sopra Steria was hit with a cyber-attack last week that disrupted the firm’s business & is widely believed to trace back to the threat actors behind Ryuk ransomware.
The cyber-attack reportedly encrypted parts of their network on Oct. 20, but the firm has remained mostly silent on details.
“A cyber-attack has been detected on Sopra Steria’s IT network on the evening of 20th Oct.,” officials explained. “Security measures have been implemented in order to contain risks.”
Sopra Steria employs 46,000 people in 25 countries, & even has a cyber-security arm that specialises in helping customers implement “reliable security & resiliency,” says its website.
Although the company, which did $4.4 billion in business last year, divulged nothing about exactly what type of attack it was or what services, systems & data were affected, sources in the French media claim it was Ryuk ransomware that took down the company.
If true, then the attackers behind Ryuk have been quite active recently. Last week, the group, which is also responsible for the TrickBot & BazarLoader infections used together with the ransomware, struck in a fast attack that went from a phishing email to complete encryption across the victim’s network in just 5 hours.
Ryuk is also behind a ransomware attack less than a month ago that shut down Universal Health Services, a US Fortune-500 owner of a nationwide network of hospitals.
Sopra Steria is currently working to recover its systems “for a return to normal as quickly as possible” after the attack, as well as making “every effort … to ensure business continuity,” officials observed in a statement.
The company is working with authorities as well as staying in touch with customers & partners.
It’s unfortunate that a company that specialises in IT services & cyber-security would keep the public unbriefed about key details of what happened during the attack, & how it might affect their affiliates, observed Chloe Messdaghi, VP of Strategy for Point3 Security.
“One thing that is disappointing however is that Sopra Steria didn’t inform its customers in their public notification of exactly what types of data were exposed,” she outlined in an e-mail.
“They also didn’t offer any advice on the kinds of attack attempts that end users whose data was exposed might expect & should be prepared to spot. Those potential attack strategies are dependent on the data exposed.”
Transparency with customers who could have been affected & exposed to risk is especially important for companies that specialise in IT services to uphold in these circumstances, Messdaghi suggested.
“As a digital transformation company, Sopra Steria is no doubt aware of these risks,” she commented. “It’s crucially important that they share them, & quickly, with those whose data was exposed.”