本文翻译自bleepingcomputer.com在 2020 年 11 月 25 日 发布的一篇文章,作者Sergiu Gatlan,由Kenson Wu翻译,译文全文如下:

法国IT服务巨头Sopra Steria今天在一份正式声明中表示,“自10月21日以来,各种系统的补救措施和可用程度有所改变,预计将对4,000万至5,000万欧元的营业利润产生重大负面影响,” Sopra Steria说。 “集团的网络风险保险总赔偿限额为3,000万欧元。”

十月的Ryuk袭击

Sopra Steria在10月21日发布了一份声明,内容涉及网络攻击,该攻击在10月20日晚上袭击了其网络,但未提供有关攻击背后的原因的详细信息。

但是,媒体从熟悉攻击的消息来源处获得信息,该法国IT服务公司受到Ryuk勒索软件组织的攻击,该组织还在9月对Universal Health Services的系统进行了加密。当媒体向Sopra Steria联系以获取更多详细信息并确认Ryuk攻击时,我们被告知他们“没有其他细节可分享”。

一周后,Sopra Steria在发送给媒体的声明中证实,确实确实是Ryuk攻击。Sopra Steria还对媒体表示:“此外,已经确定网络攻击只是在被发现前几天才启动。”

勒索软件攻击后没有数据泄漏

勒索软件攻击被Sopra Steria的内部安全和IT团队阻止,该勒索软件将勒索软件包含在“集团基础架构的有限部分”中,从而保护了公司的数据以及其客户和合作伙伴。

Sopra Steria说:“在此阶段,Sopra Steria尚未发现任何泄漏的数据或对客户信息系统造成的损坏。”

该公司于10月26日开始的恢复过程几乎已完成,几乎所有“工作站,研发和生产服务器以及内部工具和应用程序”的访问权限都已恢复。

“在经历上述事件之后,Sopra Steria预计2020财年的营业收入将出现4.5%至5.0%的负增长(以前是-2%至-4%之间),经营活动的营业利润率约为6.5%(先前介于6%和7%之间),自由现金流介于5,000万欧元至1亿欧元之间(先前为8,000万至1.2亿欧元之间),”该公司补充说。


French IT services giant Sopra Steria said today in an official statement that the October Ryuk ransomware attack will lead to a loss of between €40 million and €50 million.

Sopra Steria is a European information technology firm with 46,000 employees in 25 countries providing a large array of IT services, including consulting, systems integration, and software development.

"The remediation and differing levels of unavailability of the various systems since 21 October is expected to have a gross negative impact on the operating margin of between €40 million and €50 million," Sopra Steria said. "The Group’s insurance coverage for cyber risks totals €30 million."

The October Ryuk attack

Sopra Steria published a statement on October 21st regarding a cyberattack that hit its network on the evening of October 20th but did not provide details on who was behind the attack.

However, BleepingComputer had info from a source familiar with the attack that the French IT services firm was hit by the Ryuk ransomware group who also encrypted the systems of Universal Health Services in September.

When BleepingComputer reached out to Sopra Steria for further details and confirmation of the Ryuk attack, we were told that they "don’t have further details to share."

A week later, Sopra Steria confirmed in a statement sent to BleepingComputer that it was indeed a Ryuk attack using a new version of Ryuk ransomware.

"Moreover, it has also been established that the cyberattack was only launched a few days before it was detected," Sopra Steria also told BleepingComputer.

No data leaked after the ransomware attack

The ransomware attack was blocked by Sopra Steria"s in-house security and IT teams which contained the ransomware to "a limited part of the Group’s infrastructure" thus protecting the company"s data, as well as its customers and partners.

a

"At this stage, Sopra Steria has not identified any leaked data or damage caused to its customers’ information systems," Sopra Steria said.

The recovery process started by the company on October 26th is almost complete, with access restored to nearly all "workstations, R&D and production servers, and in-house tools and applications."

"After including the items mentioned above, for financial year 2020 Sopra Steria expects to see negative organic revenue growth of between 4.5% and 5.0% (previously "between -2% and -4%"), an operating margin on business activity of around 6.5% (previously "between 6% and 7%"), and free cash flow of between €50 million and €100 million (previously "between €80m and €120m")," the company added.

Cognizant, one of the largest IT managed services company in the world, also said it expected losses of between $50 million to $70 million following a Maze ransomware attack from April 2020.

Aluminum manufacturing giant Norsk Hydro said, one week after disclosing a LockerGoga ransomware attack that sent the company into partial manual mode operations, that the "preliminary estimated financial impact for the first full week" after the attack was in the NOK 300-350 million range (between $33 and $39 million).

声明:本文来自CyberRisk赛伯瑞斯克,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。