Sopra Steria, a major French computer services firm, has been the victim of a cybersecurity incident related to the Ryuk ransomware, which managed to encrypt a portion of its network.
After several rumors, the firm confirmed the incident through a statement: “We detected a cyberattack on our networks on the night of October 20. We have taken the necessary security measures to contain the risks arising from infection and restore full functioning as soon as possible.”
A Sopra Steria spokesperson added that it is in close contact with its thousands of customers and partners around the world, as well as with the competent authorities for the incident investigation and recovery process.
Cybersecurity specialists note that the hacking group behind Ryuk is also known for using malware variants such as Trickbot or BazarLoader, which give the operators access to infected networks so they can deploy subsequent attacks. Specialists add that BazarLoader is widely used in Ryuk attacks because it operates stealthily, preventing security tools from detecting an incident until it is too late.
After gaining access to a Windows domain controller, the attackers deploy the Ryuk ransomware across the network to encrypt all of its devices, as depicted in the image above. When members of the cybersecurity community contacted Sopra Steria for further details about the incident, the company said only that it had nothing more to say about it.