A European tech company called Sopra Steria was attacked by ransomware on October 20. The company reported the cyberattack in a press release and stated that security measures are being activated to limit the spread of the ransomware.
Sopra Steria is one of the largest digital service providers in France and is expected to hold massive amounts of important data that can be lost to encryption. The company clarified that its team was working to restore operations back to normalcy. Additionally, the company stated that it was in touch with customers and partners, and with the necessary authorities. The French Cybersecurity Authority ANSSI is expected to comment on this case as soon as new evidence comes to light.
The company itself has not confirmed any details about the extent of the damage. There have been no reports about the encryption of data, and no details about the ransom demand. There seems to be a possibility that this cyberattack crippled Sopra Steria’s relations with some of its customers, and possibly with one of its green bank clients.
Sources close to the matter have laid the blame on prominent ransomware group Ryuk. A targeted phishing campaign was reportedly Ryuk’s modus operandi in this case. Ryuk is one of the most dangerous ransomware groups prevalent today, because of its sophistication and its high frequency of attacks. While the group saw a hiatus in H1 2020, Ryuk is evidently back with a bang since September this year.
France has been mindful of cyberattacks since 2008 when then President Sarkozy authored a White Paper identifying and noting the risks of the same. Moreover, the nation passed new laws in 2015 to curb future cyberattacks.
Despite these measures, , threats have been on the increase. MagIT clearly stated the number of ransomware attacks the country has experienced in 2020 and even identified the perpetrator groups. Notably, Maze, Ryuk, Conti, and NetWalker ransomware groups have been rampant in France.
