IT services giant Sopra Steria has admitted that it will take "weeks" for the company to recover after it was hit by a serious cyber attack last week.
In a statement released on Monday, the French-headquartered IT firm confirmed that it was struck by a new variant of the infamous Ryuk ransomware, which it claims was previously unknown to antivirus software providers and security agencies.
Ryuk, a popular strain of malware that is said to be targeting some 20 organisations a week, which recently forced a number of US hospitals offline, is believed to have compromised Sopra Steria's Active Directory infrastructure and encrypted portions of the company's network.
"Sopra Steria’s investigation teams immediately provided the competent authorities with all information required," the company said. "The Group was able to quickly make this new version’s virus signature available to all antivirus software providers, in order for them to update their antivirus software."
"Moreover, it has also been established that the cyber attack was only launched a few days before it was detected."
While not immediately detected, Sopra Steria says it was able to contain the malware to a "limited part" of the company's infrastructure, and said it has not identified any leaked data or damage caused to its customers’ information systems.
However, the company has admitted that it will take a "few weeks" for a "return to normal".
"Having analysed the attack and established a remediation plan, the Group is starting to reboot its information system and operations progressively and securely, as of today," it added.
Somewhat ironically, Sopra Steria has a specialised cyber security brand that promises to help customers “protect sensitive information, and prevent costly data breaches.”
The company is also one of the founding members of France’s Cyber Campus, an industry-led initiative to spread cyber security awareness, training and product sales.
RELATED RESOURCE
A guide to becoming cloud-native smart and secure
The transcendence of cloud-native application development
Commenting on the attack, security analyst Graham Cluley said: "Although it might be easy for those unaffected to be bemused by the irony of a company like Sopra Steria being hit by ransomware, it’s really a reminder that any organisation could potentially fall victim to a determined attack.
"All companies, big and small, need to be on their guard and put defences in place to reduce the chances of becoming the next victim."
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new groupNews The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos
-
Google cyber researchers were tracking the ShinyHunters group’s Salesforce attacks – then realized they’d also fallen victimNews In an update to an investigation on the ShinyHunters group, Google revealed it had also been affected
-
Nearly one-third of ransomware victims are hit multiple times, even after paying hackersNews Many ransomware victims are being hit more than once, largely thanks to fragmented security tactics
-
75% of UK business leaders are willing to risk criminal penalties to pay ransomsNews A ransom payment ban is a great idea - until you're the one being targeted...
-
The Scattered Spider ransomware group is infiltrating Slack and Microsoft Teams to target vulnerable employeesNews The group is using new ransomware variants and new social engineering techniques - including sneaking into corporate teleconferences
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crimeNews A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
-
Everything we know about the Ingram Micro cyber attack so far
News A cyber attack on Ingram Micro severely disrupted operations and has been claimed by the SafePay ransomware group.
