On October 21, Sopra Steria, France's leading IT company, announced that it had suffered a hacking attack on October 20, during which parts of its network were encrypted by Ryuk ransomware. However, the company provided little information about the incident. Sopra Steria is a European IT company currently employing 46,000 people in 25 countries worldwide. The company provides a wide range of IT services, such as consulting, systems integration and software development.
The French IT company pointed out that security measures have been taken to reduce the risks. It also stressed that its staff are working hard to recover as quickly as possible and to ensure business continuity. Sopra Steria is also in close contact with its customers and partners, as well as with the competent authorities.
An insider familiar with the incident told BleepingComputer that the Sopra Steria network was encrypted by Ryuk ransomware, which has hit numerous health services around the world. Many sources have also reported on the French IT website "LeMagIT" that the Ryuk ransomware gang is behind the attack. This gang is known for TrickBot and BazarLoader infections, which allow hackers to gain access to a breached network and deploy Ryuk/Conti ransomware.
BazarLoader is increasingly used in Ryuk ransomware attacks against high-profile targets, as it is harder for security software to detect than TrickBot. Once installed on a target system, BazarLoader allows hackers to remotely access the victim's computer and use it to break into the rest of the network. After gaining access to a Windows domain controller, the intruders deploy Ryuk ransomware on the network to encrypt all devices found on it.