Sopra Steria records heavy financial loss after Ryuk ransomware attack

The company stated that it ‘rapidly’ blocked the ransomware attack; however, it had to bear heavy financial losses post the attack.

As reported in October 2020, Sopra Steria, a renowned French IT services provider, confirmed that its systems were targeted with a ransomware attack in October, which cost it a loss of tens of millions of dollars.

In its latest update on the incident, the Paris-based IT firm acknowledged that a new variant of the Ryuk malware family was used to hit its systems. As a result of the ransomware attack, the company’s services were disrupted while its systems went offline.

See: Ragnar Locker ransomware gang using Facebook ads to extort victims

The company stated that it ‘rapidly’ blocked the ransomware attack; however, it had to bear heavy financial losses post the attack.

“The measures implemented immediately made it possible to contain the virus to only a limited part of the group’s infrastructure and to protect its customers and partners,” the IT firm stated.

The company admitted that the ransomware attack left a negative impact on its operating margin, which remained between €40 million and €50 million, while its insurance coverage for cyberattacks is EUR 30 million.

Sopra Steria claims that its negative organic revenue growth for 2020 may increase to up to 5% compared to last year’s 2-4%.

French IT Firm Sopra Steria Hit By Ryuk Ransomware
The ransom note that Ryuk ransomware operators have left for previous targets

As far as free cash flow is concerned, the French IT firm states that it will most likely be between €50 million and €100 million, which previously was between €80 million and €120 million.

See: US private prison, detention centers operator hit by ransomware attack

However, the company claims that its fourth-quarter sales activity will remain unaffected by the cyberattack as it didn’t cause any data leak. The severity of the financial impact is, reportedly, due to the varying levels of unavailability of its systems and the extensive remediation efforts the company had to initiate since the attack.

“The secure remediation plan launched on October 26 is nearly complete. Access has progressively been restored to workstations, R&D and production servers, and in-house tools and applications. Customer connections have also been gradually restored.”

Did you enjoy reading this article? Kindly do like our page on Facebook and follow us on Twitter.

Related Posts