Sopra Steria claims that the attack was detected on 20 October, and it may take weeks to restore its systems.
Leading French IT services provider Sopra Steria was targeted with the new variant of Ryuk ransomware, which even the cyber security firms and antivirus software makers were unaware of.
The software disabled a limited portion of its infrastructure, and there’s no indication that its customer’s information system data was damaged or leaked.
The company discovered the attack on October 2oth and sent the virus signature to all antivirus software makers so that they could update their software packages.
Sopra Steria stated that it might take the company’s systems several weeks to return to normal functioning since many of its key systems were forced to go offline after the attack.
The company posted a brief message on its website explaining that it was attacked on Tuesday evening. Sopra Steria’s fintech business Sopra Banking Software later confirmed that it was attacked with a new version of Ryuk ransomware.
The company’s official statement read:
“The virus has been identified: it is a new version of the Ryuk ransomware, previously unknown to antivirus software providers and security agencies.” “Sopra Steria’s investigation teams immediately provided the competent authorities with all information required. The group was able to quickly make this new version’s virus signature available to all antivirus software providers, in order for them to update their antivirus software.” […] “Having analyzed the attack and established a remediation plan, the group is starting to reboot its information system and operations progressively and securely, as of today.”
Ryuk has proven to be one of the most notorious ransomware strains out there. In February earlier this year, a Ryuk ransomware attack took over Florida’s Stuart Police Department computers with digital evidence on six suspected drug dealers. All suspects walked free as a result of the attack.
Actualisation des informations relatives à la cyberattaque : https://t.co/iYmlfiQiBZ
— Sopra Steria France (@SopraSteria_fr) October 26, 2020
Sopra Steria hasn’t yet disclosed if they paid a ransom to the virus authors.