Sopra Steria, a French IT services firm and MSP that specializes in digital transformation, has experienced a Ryuk ransomware attack that could trigger up to €50 million ($59 million) in recovery costs, according to BankInfoSecurity. The company also will receive a $35 million cyber insurance payout following the ransomware attack and does not expect the incident to impact its fourth-quarter sales results.
Sopra Steria discovered the Ryuk attack on October 20, the company said. Cybercriminals used Ryuk to steal Sopra Steria's data and lock its database during the attack.
After Sopra Steria identified the Ryuk attack, the company implemented security measures to contain the attack and protect its customers and partners. Sopra Steria did not identify any leaked data or damage caused to its customers' information systems as a result of the Ryuk attack.
Sopra Steria delivers consulting, digital services and software development to European organizations. The company reported total revenue of €4.4 billion ($5.2 billion) last year.
Ryuk Ransomware: Earlier Attacks
In addition to Sopra Steria, several other organizations recently have experienced Ryuk ransomware attacks, including:
- Universal Health Services (UHS): A ransomware attack caused temporary disruptions to certain aspects of UHS's clinical and financial operations; various media reports have linked the cyberattack to Ryuk.
- Durham Government Agencies: Cybercriminals used Ryuk to attack city and county governments in Durham, North Carolina; internal employees may have spread Ryuk by clicking on infected emails.
- Emcor: A Ryuk attack forced the Fortune 500 company to temporarily shut down its IT systems and implement business continuity plans.
Ryuk is a form of ransomware that leverages encryption to block access to a system, device or file until a ransom is paid. It enables a threat actor to identify and attack an organization's critical network systems and may go undetected for several days or months following an initial infection.
Ransomware Attacks Target MSPs, IT Service Providers
Meanwhile, IT service providers and MSPs remain prime targets for ransomware attacks, since their systems often host or interconnect to numerous end-customer systems. Many of the attacks involve stealthy approaches that hide from anti-virus tools, Huntress Labs notes.
The U.S. Secret Service has warned IT service providers and consulting firms about ongoing cyberattacks. The warning indicated that threat actors are increasingly targeting point-of-sale (POS) systems and performing business email compromise (BEC) and ransomware attacks.
Recent MSP and IT consulting ransomware attack victims include:
- Cognizant, which suffered $50 million to $70 million in lost revenue related to the attack.
- xChanging, a DXC Technology subsidiary.
- Collabera, an IT staffing firm;
- Orange Business Services, a major telecom service provider and Top 200 MSSP; and
- Telecom SA, the largest telecom company in Argentina.
How MSPs Can Mitigate Ransomware Attack Risks: To safeguard your MSP business and clientele from ransomware attacks, follow this tip sheet.