French IT services giant Sopra Steria was affected by a cyberattack on October 20th in which portions of its network were reportedly encrypted with the Ryuk ransomware.
Sopra Steria, a European information technology company with 46,000 employees in 25 countries worldwide, provides a wide range of IT services, including consulting, systems integration, and software development.
The company issued a statement on the 21st saying that it had been hit by a cyberattack and that it had implemented security measures to contain the risks. It also stated that its team is working hard to return to normal as soon as possible so that business can continue.
According to sources, Sopra Steria's network was encrypted by the Ryuk ransomware. The hacking group is known for its TrickBot and BazarLoader infections, which let threat actors access a compromised network and deploy the Ryuk or Conti ransomware.
For Ryuk attacks, BazarLoader is mostly used against high-value targets because it is stealthy and is not detected quickly.
Once installed, BazarLoader permits threat actors to remotely access the victim's computer and use it to compromise the rest of the network. After gaining access to a Windows domain controller, the attackers deploy the Ryuk ransomware on the network to encrypt all of its devices.
More details regarding the attack are not known at the moment.
Image Credits: Bleeping Computer