September 25, 2023

IT services provider Sopra Steria has confirmed that it was hit by a “new version” of the Ryuk ransomware that was “previously unknown to antivirus software providers and security agencies”.

The French-headquartered company detected the cyberattack on 20 October and made it public the following day.

Rreports pointed to hackers using Ryuk ransomware to target Sopra Steria’s Active Directory infrastructure. This saw some IT systems encrypted and payment demanded to unlock them.

Sopra Steria said it has made the virus signature of the new Ryuk ransomware strain available to “all antivirus software providers” so that they can update their defences.

Sopra Steria said that the ransomware attack was launched “a few days before it was detected”, which meant the virus was contained to a “limited part of the Group’s infrastructure”.

It has been revealed that Ryuk operators exploited the Netlogon vulnerability CVE 2020-1472 which hits the domain controllers and exfilterates the data. Microsoft released the patch for this Exploit in August

The company, which provides IT outsourcing services to the NHS and Home Office, said it has not identified any leaked data or damage to client networks.

It may take few weeks for services to up across geographies.

Tags:

Leave a Reply

You may have missed

BlackCat adds Clarion to its Victim list

September 24, 2023

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023

MGM Resorts and Ceasars Attacks – Lesson Learnt

September 23, 2023

CISA KEV Update September 2023 – Part II

September 23, 2023

Air Canada Reveals Data Exposure due to a Cyberattack

September 23, 2023

SandMan APT Group in action against Telcos

September 22, 2023
%d bloggers like this: