IT Company with 46,000 employees in 25 countries infected with ransomware

Sopra Steria, a major French computer services firm, has been the victim of a cybersecurity incident related to the Ryuk ransomware, which managed to encrypt a sector of its networks.

After several rumors, the firm confirmed the incident through a statement: “We detected a cyberattack on our networks on the night of October 20. We have taken the necessary security measures to contain the risks arising from infection and restore full functioning as soon as possible.”

A Sopra Steria spokesperson added that it is in close contact with its thousands of customers and partners around the world, as well as with the competent authorities for the incident investigation and recovery process.

Cybersecurity specialists mention that this hacking group is also known for using malware variants like Trickbot or BazarLoader, allowing them to access infected networks to deploy subsequent attacks. About BazarLoader, specialists mention that it is widely used in Ryuk attacks because it behaves really stealthily, preventing security tools from detecting an incident until it is too late.

After gaining access to a Windows domain controller, attackers deploy the Ryuk ransomware on the network to encrypt all of their devices, as depicted in the above image. When the cybersecurity community contacted Sopra Steria for further details about the incident, the company just told it had nothing more to say about it.