French IT giant Sopra Steria was hit with a cyber attack this week that disrupted the business of the firm and is widely believed to be the work of the threat actors behind Ryuk ransomware.
“A cyberattack has been detected on Sopra Steria’s IT network on the evening of 20th October,” officials said. “Security measures have been implemented in order to contain risks.”
Sopra Steria employs 46,000 people in 25 countries and even has a cybersecurity arm that specializes in helping customers implement “reliable security and resiliency,” according to its website.
However the company, which did $4.4 billion in business last year, divulged nothing of exactly what type of attack it was and what services, systems and data were affected, sources in the French media claim it was Ryuk ransomware that took down the company.
If that’s true than the attackers behind Ryuk have been quite active lately. Earlier this week the group—also responsible for the TrickBot and BazarLoader infections used together with the ransomware—also struck in an unusually swift attack that went from sending a phishing email to complete encryption across the victim’s network in just five hours.
Ryuk also is behind a ransomware attack less than a month ago that shut down Universal Health Services, a Fortune-500 owner of a nationwide network of hospitals.
Sopra Steria is currently working to recover its systems “for a return to normal as quickly as possible” after the attack, as well as making “every effort … to ensure business continuity,” officials said in a statement. The company is working with authorities on the matter as well as staying in touch with customers and partners.
Still, it’s unfortunate that a company that specializes in IT services and cybersecurity would keep the public in the dark about key details of what went down during the attack and how it might affect their affiliates, observed Chloe Messdaghi, vice president of strategy for Point3 Security.
“One thing that is disappointing however is that Sopra Steria didn’t inform its customers in their public notification of exactly what types of data were exposed,” she said in an e-mail to Threatpost. “They also didn’t offer any advice on the kinds of attack attempts that end users whose data was exposed might expect and should be prepared to spot. Those potential attack strategies are dependent on the data exposed.”
This type of transparency with customers who could have been affected and exposed to risk is especially important for companies that specialize in IT services to uphold in these circumstances, Messdaghi said.
“As a digital transformation company, Sopra Steria is no doubt aware of these risks,” she said. “It’s crucially important that they share them, and quickly, with those whose data was exposed.”