Leading IT services enterprise Sopra Steria has recently announced it anticipates losing somewhere between €40m and €50m (£36m and £45m) in the wake of a devastating attack employing Ryuk ransomware that occurred back in October.

The French firm currently operates internationally in 25 different countries with a 46,000-strong workforce, while providing a wide range of IT services such as systems integration and software development, as well as specialist consulting.

An official statement from Sopra Steria explained:

“The remediation and differing levels of unavailability of the various systems since 21 October is expected to have a gross negative impact on the operating margin of between €40 million and €50 million. The Group’s insurance coverage for cyber risks totals €30 million.”

Ryuk ransomware attack in October

On October 21, Sopra Steria publicly announced that its network had been struck by a cyberattack. Other than the time of the assault (October 20, in the evening), it offered no detailed information on the attack or on who it believed the perpetrators were.

Information technology help site BleepingComputer was informed by a source that the IT services enterprise was attacked by the same cybercriminal operators who targeted Universal Health Services during September – the Ryuk ransomware group. BleepingComputer approached Sopra Steria, but the company stated at the time that it had no further details it was able to share. However, only a week later, the French firm contacted the help site and confirmed it had been hit by an attack employing a new form of Ryuk ransomware. It also revealed that, fortunately, the attack had taken place only a matter of days before it was discovered by security teams at Sopra Steria.

Private data safeguarded after the attack

After identifying it, the in-house security staff, along with IT personnel at Sopra Steria, blocked the ransomware attack. This effectively contained the malicious infection to a limited area within the firm’s infrastructure, allowing it to protect not only sensitive company data, but also private data belonging to Sopra Steria’s partners and customers.

The company commented in its statement:

“At this stage, Sopra Steria has not identified any leaked data or damage caused to its customers’ information systems.”

On October 26, the recovery process initiated by the IT services provider was close to completion. Access has now been restored to almost all of its applications, in-house tools, production and research and development servers, and staff workstations. However, the financial losses from the incident are now being calculated and while the company has managed to get back up and running reasonably quickly, addressing the situation has proved costly.

Sopra Steria is not the only IT services giant to be hit with the financial impact of a ransomware attack. In April of this year, one of the biggest IT managed services firms in the world, Cognizant, made headlines following an attack by the now-retired Maze ransomware group. Cognizant estimated that its losses from the assault were expected to be close to $70m (£52m) at the top end.