IT services giant Sopra Steria has announced that last month’s cyber attack on its systems is likely to cost the company up to €50 million.
In an update published on its website, the NHS supplier admitted that the ransomware attack would negatively impact its gross operating margin by between €40 million (£35.6m) and €50 million (£44.5m).
The French company also revealed that its insurance coverage for cyber risks totals €30 million (£26.7m). IT Pro contacted its representatives about the details of the insurance coverage but is yet to hear back from the company.
Sopra Steria stated that the large costs of the cyber attack, a new variant of the infamous Ryuk ransomware, can be attributed to “the remediation and differing levels of unavailability of the various systems since 21 October”, the day when the incident was detected.
However, the IT services giant added that “sales activity for the fourth quarter should not be significantly affected by this event”.
“For financial year 2020, Sopra Steria expects to see negative organic revenue growth of between 4.5% and 5.0% (previously “between -2% and -4%”), an operating margin on business activity of around 6.5% (previously “between 6% and 7%”), and free cash flow of between €50 million and €100 million (previously “between €80m and €120m”),” it said.
Ryuk is a popular strain of malware which last month was reported to be targeting some 20 organisations a week as well as forcing a number of US hospitals offline. It is believed to have compromised Sopra Steria's Active Directory infrastructure and encrypted portions of the company's network.
However, according to the company, the attack was “rapidly blocked thanks to in-house IT and cyber security teams”.
“The measures implemented immediately made it possible to contain the virus to only a limited part of the Group’s infrastructure and to protect its customers and partners,” it added.
Sopra Steria also confirmed that the incident had not caused any further breach of data, saying that it had not identified “any leaked data or damage caused to its customers’ information systems”.
Since the cyber attack, the company has managed to restore access to its workstations, R&D and production servers, in-house tools and applications, as well as customer connections.
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attackNews The attack on Jaguar Land Rover highlights the growing attractiveness of the automotive sector
-
Ransomware attack on IT supplier disrupts hundreds of Swedish municipalitiesNews The attack on IT systems supplier Miljödata has impacted public sector services across the country
-
A notorious hacker group is ramping up cloud-based ransomware attacksNews The Storm-0501 threat group is refining its tactics, according to Microsoft, shifting away from traditional endpoint-based attacks and toward cloud-based ransomware.
-
Security researchers have just identified what could be the first ‘AI-powered’ ransomware strain – and it uses OpenAI’s gpt-oss-20b modelNews Using OpenAI's gpt-oss:20b model, ‘PromptLock’ generates malicious Lua scripts via the Ollama API.
-
Data I/O shuts down systems in wake of ransomware attack
News Regulatory filings by Data I/O suggest the costs of dealing with the attack could be significant
-
Average ransom payment doubles in a single quarterNews Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new groupNews The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos
