Sopra Steria Hit by New Ryuk Variant

French IT services giant Sopra Steria has said it will take weeks to return to normal after a serious ransomware attack forced key systems offline.

The group posted a very brief message on its website last week claiming to have discovered the attack on Tuesday evening.

However, its fintech business Sopra Banking Software confirmed in an update today that the incident was a ransomware attack.

“The virus has been identified: it is a new version of the Ryuk ransomware, previously unknown to anti-virus software providers and security agencies,” it claimed.

“Sopra Steria’s investigation teams immediately provided the competent authorities with all information required. The group was able to quickly make this new version’s virus signature available to all anti-virus software providers, in order for them to update their anti-virus software.”

The statement claimed that Sopra Steria had managed to catch the attack after a “few days” and confine it to “a limited part” of its IT infrastructure.

“At this stage, and following in-depth investigation, Sopra Steria has not identified any leaked data or damage caused to its customers’ information systems,” it added.

“Having analyzed the attack and established a remediation plan, the group is starting to reboot its information system and operations progressively and securely, as of today.”

However, it will take “a few weeks for a return to normal” across the business, it warned.

Ryuk is one of the most prolific ransomware strains out there, having targeted organizations as diverse as US defense contractor EWA and Spanish logistics firm Prosegur.

Sopra Steria, which operates the NHS Shared Business Service joint venture, is certainly not the first IT services company to be caught out by ransomware. After being hit by the Maze group earlier this year, Cognizant admitted that the incident may end up costing it as much as $70m in Q2 alone.
