Sopra Steria expects €50 million loss after Ryuk ransomware attack

Posted by & filed under Security News.

French IT services giant Sopra Steria said today in an official statement that the October Ryuk ransomware attack will lead to a loss of between €40 million and €50 million.

Sopra Steria is a European information technology firm with 46,000 employees in 25 countries providing a large array of IT services, including consulting, systems integration, and software development.

“The remediation and differing levels of unavailability of the various systems since 21 October is expected to have a gross negative impact on the operating margin of between €40 million and €50 million,” Sopra Steria said. “The Group’s insurance coverage for cyber risks totals €30 million.”

The October Ryuk attack

Sopra Steria published a statement on October 21st regarding a cyberattack that hit its network on the evening of October 20th but did not provide details on who was behind the attack.

However, from other sources familiar with the attack that the French IT services firm was hit by the Ryuk ransomware group who also encrypted the systems of Universal Health Services in September.

A week later, Sopra Steria confirmed in a statement that it was indeed a Ryuk attack using a new version of Ryuk ransomware.

“Moreover, it has also been established that the cyberattack was only launched a few days before it was detected,” Sopra Steria said.

No data leaked after the ransomware attack

The ransomware attack was blocked by Sopra Steria’s in-house security and IT teams which contained the ransomware to “a limited part of the Group’s infrastructure” thus protecting the company’s data, as well as its customers and partners.

“At this stage, Sopra Steria has not identified any leaked data or damage caused to its customers’ information systems,” Sopra Steria said.

The recovery process started by the company on October 26th is almost complete, with access restored to nearly all “workstations, R&D and production servers, and in-house tools and applications.”

“After including the items mentioned above, for financial year 2020 Sopra Steria expects to see negative organic revenue growth of between 4.5% and 5.0% (previously ‘between -2% and -4%’), an operating margin on business activity of around 6.5% (previously ‘between 6% and 7%’), and free cash flow of between €50 million and €100 million (previously ‘between €80m and €120m’),” the company added.

Cognizant, one of the largest IT managed services company in the world, also said it expected losses of between $50 million to $70 million following a Maze ransomware attack from April 2020.

Aluminum manufacturing giant Norsk Hydro said, one week after disclosing a LockerGoga ransomware attack that sent the company into partial manual mode operations, that the “preliminary estimated financial impact for the first full week” after the attack was in the NOK 300-350 million range (between $33 and $39 million).


The information contained in this website is for general information purposes only. The information is gathered from BLEEPING COMPUTER., while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.  Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them. Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.