The latest victim of the Ryuk ransomware group is Sopra Steria, a Paris-based IT consultant and ERP integration expert that employs about 45,000 people and counts its yearly revenue in the billions. Falling victim to a ransomware group is pretty embarrassing for an IT giant. On the other hand, these hackers have grown so persistent and sophisticated that fending them off 24/7 is really challenging, no matter who you are and what you do.
The company has admitted the event and released the following statement:
Bleeping Computer claims to have valid information about the result of this attack, something that Sopra Steria decided not to elaborate on. More specifically, there are reports about full network encryption by Ryuk, which are confirmed by French media too.
It is possible that it all started with a TrickBot or BazarLoader infection, as we have seen these malware tools deployed with the ultimate goal of a Ryuk encryption. This part of the attack has not been confirmed, though, so it’s just an assumption based on what has been going on recently.
While Sopra Steria is transparent about the event, there is no word on ransom demands, estimates of service availability, the possibility of a data leak, etc. Since the authorities have been contacted, a GDPR investigation could also be kicked off by the French data protection commissioner.
Last week, we analyzed the recent activity attributed to Ryuk and why the particular group shouldn’t be considered inactive or replaced by Conti. This latest incident against Sopra Steria underlines this fact in the best possible way and highlights that the hackers are aiming for big players.