Sopra Steria ransomware attack costs group €50m
Banking technology firm, Sopra Steria, says a ransomware attack which affected its systems in October has cost it upwards of €50 million.
Sopra discovered the Ryuk ransomware on 21 October. It says that it managed to rapidly block the malware from spreading through its systems.
The vendor confined Ryuk to a “limited part” of the group’s infrastructure. Sopra says it protected customers and partners from becoming victims.
The firm adds that it “has not identified any leaked data or damage caused to its customers’ information systems”.
A remediation plan launched on 26 October. The vendor progressively restored access to affected workstations, research and development, and production servers.
This unavailability and diverting of resources has a “gross negative impact” on Sopra’s operating margin to the tune of €30 million to €50 million.
The group’s insurance coverage for cyber risks covers €30 million of the total. Sopra says the attack won’t “significantly” affect its sales activity.
The Ryuk ransomware is operated by the Wizard Spider crime group. It targets large organisations to achieve high ransom returns.
Ryuk specifically targets commercial firms, and is based on the source code of the Hermes virus. According to Crowdstrike, criminals using the malware have netted more than $3.7 million in ransom.
The malware is usually delivered via an executable payload. It avoids encrypting system critical folders and data to increase the stability of its host system and ensure the victim can see its effects.
Sopra shopping
The ransomware attack hasn’t affected Sopra’s acquisitive nature.
Earlier this week the group announced its intentions to acquire Fidor Solutions, the software subsidiary of Fidor Bank.
The vendor is making the purchase via its Sopra Banking Software subsidiary. It believes that a completed acquisition would reinforce its digital banking solutions.
Related: Brazilian malware Ghimob targets 153 financial apps