{
	"id": "0225a9dc-289d-4226-a7ce-dde99f706ef2",
	"created_at": "2026-04-06T00:09:47.654319Z",
	"updated_at": "2026-04-10T13:11:35.162295Z",
	"deleted_at": null,
	"sha1_hash": "24a791d6b3de279cdadd2cf2e77a4939fb1aba17",
	"title": "French IT giant Sopra Steria hit by Ryuk ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2416880,
	"plain_text": "French IT giant Sopra Steria hit by Ryuk ransomware\r\nBy Lawrence Abrams\r\nPublished: 2020-10-22 · Archived: 2026-04-05 13:27:28 UTC\r\nFrench IT services giant Sopra Steria suffered a cyberattack on October 20th, 2020, that reportedly encrypted portions of\r\ntheir network with the Ryuk ransomware.\r\nSopra Steria is a European information technology company with 46,000 employees in 25 countries worldwide. The\r\ncompany provides a wide range of IT services, including consulting, systems integration, and software development.\r\nOn October 21st, Sopra Steria issued a statement that they had suffered a cyberattack on the evening of October 20th, but\r\nprovided few details about the attack.\r\nhttps://www.bleepingcomputer.com/news/security/french-it-giant-sopra-steria-hit-by-ryuk-ransomware/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/french-it-giant-sopra-steria-hit-by-ryuk-ransomware/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\n\"A cyberattack has been detected on Sopra Steria’s IT network on the evening of 20th October.\r\nSecurity measures have been implemented in order to contain risks.\r\nThe Group’s teams are working hard for a return to normal as quickly as possible and every effort has been made to ensure\r\nbusiness continuity.\r\nSopra Steria is in close contact with its customers and partners, as well as the competent authorities.\"\r\nReported Ryuk ransomware attack\r\nA source familiar with the attack has told BleepingComputer that the Sopra Steria network was encrypted by Ryuk\r\nransomware, the same group that infected the Universal Health Services.\r\nNumerous sources have also told the French IT website LeMagIT that it was Ryuk ransomware threat actors who were\r\nbehind the attack.\r\nIf you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal\r\nat +16469613731 or on Wire at @lawrenceabrams-bc.\r\nThis hacking group is known for its TrickBot and BazarLoader infections that allow threat actors to access a compromised\r\nnetwork and deploy the Ryuk or Conti ransomware infections.\r\nBazarLoader is increasingly being used in Ryuk attacks against high-value targets due to its stealthy nature and is less\r\ndetected than TrickBot by security software.\r\nWhen installed, BazarLoader will allow threat actors to remotely access the victim's computer and use it to compromise the\r\nrest of the network.\r\nAfter gaining access to a Windows domain controller, the attackers then deploy the Ryuk ransomware on the network to\r\nencrypt all of its devices, as illustrated in the diagram above.\r\nWhen we reached out to Sopra Steria for further confirmation, we were told that they \"don’t have further details to share.\"\r\nhttps://www.bleepingcomputer.com/news/security/french-it-giant-sopra-steria-hit-by-ryuk-ransomware/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/french-it-giant-sopra-steria-hit-by-ryuk-ransomware/\r\nhttps://www.bleepingcomputer.com/news/security/french-it-giant-sopra-steria-hit-by-ryuk-ransomware/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/french-it-giant-sopra-steria-hit-by-ryuk-ransomware/"
	],
	"report_names": [
		"french-it-giant-sopra-steria-hit-by-ryuk-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434187,
	"ts_updated_at": 1775826695,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/24a791d6b3de279cdadd2cf2e77a4939fb1aba17.pdf",
		"text": "https://archive.orkl.eu/24a791d6b3de279cdadd2cf2e77a4939fb1aba17.txt",
		"img": "https://archive.orkl.eu/24a791d6b3de279cdadd2cf2e77a4939fb1aba17.jpg"
	}
}