
Sopra Steria hit by new version of Ryuk ransomware

IT services company Sopra Steria says it has contained the ransomware virus, but systems will take a few weeks to be fully operational

IT services provider Sopra Steria said its systems will be running below full operational capacity for a few weeks after being hit by a cyber attack.

The French company identified the attack as a new version of the Ryuk ransomware and said it was able to contain the virus to “a limited part” of its infrastructure. It added that during its investigation it has not identified any leaked data or damage to its customers’ information systems.

Sopra Steria said it detected the cyber attack on October 20, and shared what it knew with security authorities and security suppliers. The attack was first revealed by Computer Weekly’s sister publication in France, Le Mag IT.

“[We were] able to quickly make this new version’s virus signature available to all software providers, in order for them to update their antivirus software,” said Sopra Steria.

As an IT service provider to enterprises across the world, the company must reassure customers that the virus has not found its way into their systems.

The company said it is rebooting information systems and operations “progressively and securely”, with normal operations expected to return across the group in a few weeks.

Named after a fictional shinigami – a folkloric spirit associated with death in Japanese culture – that appears in the Death Note manga and anime series, Ryuk is owned and operated by a Russia-based group that targets mainly enterprise environments in so-called big game hunting attacks.

In September, Universal Health Services, a major supplier of private healthcare services in the US and mental health services in the UK, was hit by Ryuk, leaving systems offline and inoperable.

Ransomware is a form of malware in which the data on a victim's computer is locked – usually by encryption – and payment is demanded before the data is decrypted and access is returned.

Warwick Ashford, analyst at Kuppinger Cole, said cyber criminals consider IT services firms a vulnerable target. “Ransomware disrupts services so the additional leverage they have is that IT service providers are more likely to pay up because it could disrupt their services to their customers,” he said.

“The temptation to pay is always there, but the advice is not to pay up because that supports the business model of the cyber criminals by making it lucrative.”

He added that ransomware seems to be on the rise, which has been a trend for the past few years. “It is becoming more targeted and specialised,” he warned.
