As reported in October 2020, Sopra Steria, a renowned French IT services provider, confirmed that its systems were targeted in a ransomware attack that month, which cost it tens of millions of dollars.
In its latest update on the incident, the Paris-based IT firm acknowledged that a new variant of the Ryuk malware family was used to hit its systems. As a result of the ransomware attack, the company’s services were disrupted while its systems went offline.
The company stated that it ‘rapidly’ blocked the ransomware attack; however, it had to bear heavy financial losses after the attack.
“The measures implemented immediately made it possible to contain the virus to only a limited part of the group’s infrastructure and to protect its customers and partners,” the IT firm stated.
The company admitted that the ransomware attack had a negative impact on its operating margin, which remained between €40 million and €50 million, while its insurance coverage for cyberattacks is €30 million.
Sopra Steria claims that its negative organic revenue growth for 2020 may increase to as much as 5%, compared to last year’s 2-4%.
As far as free cash flow is concerned, the French IT firm states that it will most likely be between €50 million and €100 million, whereas it was previously between €80 million and €120 million.
However, the company claims that its fourth-quarter sales activity will remain unaffected by the cyberattack as it didn’t cause any data leak. The severity of the financial impact is, reportedly, due to the varying levels of unavailability of its systems and the extensive remediation efforts the company had to initiate since the attack.
Over 10 different Sopra Steria employees were compromised through global malware-spreading campaigns; these employees logged into sensitive infrastructure that may have served as the attack vector for this ransomware.
— Hudson Rock (@HRock) November 25, 2020
“The secure remediation plan launched on October 26 is nearly complete. Access has progressively been restored to workstations, R&D and production servers, and in-house tools and applications. Customer connections have also been gradually restored.”