One more time, a devastating cyberattack has hit a corporate giant. This time, the victim is a French IT firm Sopra Steria that suffered the ransomware attack.
Sopra Steria Ransomware Attack
Reportedly, the France-based IT giant Sopra Steria has suffered a massive cyber attack. According to the press release from the firm, the company fell prey to the cyber attack on October 20, 2020.
The company didn’t reveal many details about the attack besides a carefully-worded statement hinting the efforts to restore services.
The Group’s teams are working hard for a return to normal as quickly as possible and every effort has been made to ensure business continuity.
However, according to French media reports, the incident possibly affected the Active Directory infrastructure of the firm.
Besides, according to Verdict, it remains unclear whether the incident had any impact on the customers’ or employees’ data. However, the firm has asked the employees to not use VPNs to connect to the company network. Also, the staff has been instructed to not use the firm’s network OnePortal “for the time being”.
Ryuk Ransomware Suspected
While the IT giant remains silent on the attack details, French media reports confirm a ransomware attack here.
As revealed, the company has possibly fallen prey to Ryuk ransomware. An internal information note has detailed the attack technique and tactics besides explicitly mentioning Ryuk.
The same malware earlier hit the Universal Health Services (UHS) hospital network as well as some other major targets this year.
As for the attack vector, speculations have been around regarding the exploitation of the Zerologon vulnerability (CVE-2020-1472) that Microsoft patched in August. However, exploit codes for this flaw are publicly available and in use by the threat actors. Despite numerous warnings, many systems haven’t patched the flaw yet.
For now, no other details are available. Perhaps, the company may reveal details officially upon completing the investigations.