Sopra Steria Expects €50 Million Loss After Ryuk Ransomware Attack

French IT services giant Sopra Steria said today in an official statement that the October Ryuk ransomware attack will lead to a loss of between €40 million and €50 million.

Sopra Steria is a European information technology firm with 46,000 employees in 25 countries providing a large array of IT services, including consulting, systems integration, and software development.

“The remediation and differing levels of unavailability of the various systems since 21 October is expected to have a gross negative impact on the operating margin of between €40 million and €50 million,” Sopra Steria said. “The Group’s insurance coverage for cyber risks totals €30 million.”

Also Read: A Look at the Risk Assessment Form Singapore Government Requires

The October Ryuk attack

Sopra Steria published a statement on October 21st regarding a cyberattack that hit its network on the evening of October 20th but did not provide details on who was behind the attack.

However, BleepingComputer had info from a source familiar with the attack that the French IT services firm was hit by the Ryuk ransomware group who also encrypted the systems of Universal Health Services in September.

When BleepingComputer reached out to Sopra Steria for further details and confirmation of the Ryuk attack, we were told that they “don’t have further details to share.”

A week later, Sopra Steria confirmed in a statement sent to BleepingComputer that it was indeed a Ryuk attack using a new version of Ryuk ransomware.

“Moreover, it has also been established that the cyberattack was only launched a few days before it was detected,” Sopra Steria also told BleepingComputer.

No data leaked after the ransomware attack

The ransomware attack was blocked by Sopra Steria’s in-house security and IT teams which contained the ransomware to “a limited part of the Group’s infrastructure” thus protecting the company’s data, as well as its customers and partners.

“At this stage, Sopra Steria has not identified any leaked data or damage caused to its customers’ information systems,” Sopra Steria said.

The recovery process started by the company on October 26th is almost complete, with access restored to nearly all “workstations, R&D and production servers, and in-house tools and applications.”

“After including the items mentioned above, for financial year 2020 Sopra Steria expects to see negative organic revenue growth of between 4.5% and 5.0% (previously ‘between -2% and -4%’), an operating margin on business activity of around 6.5% (previously ‘between 6% and 7%’), and free cash flow of between €50 million and €100 million (previously ‘between €80m and €120m’),” the company added.

Cognizant, one of the largest IT managed services company in the world, also said it expected losses of between $50 million to $70 million following a Maze ransomware attack from April 2020.

Also Read: How to Send Mass Email Without Showing Addresses: 2 Great Workarounds

Aluminum manufacturing giant Norsk Hydro said, one week after disclosing a LockerGoga ransomware attack that sent the company into partial manual mode operations, that the “preliminary estimated financial impact for the first full week” after the attack was in the NOK 300-350 million range (between $33 and $39 million).