Sopra Steria, a French IT services firm and MSP that specializes in digital transformation, has experienced a Ryuk ransomware attack that could trigger up to €50 million ($59 million) in recovery costs, according to BankInfoSecurity. The company also will receive a $35 million cyber insurance payout following the ransomware attack and does not expect the incident to impact its fourth-quarter sales results.
Sopra Steria discovered the Ryuk attack on October 20, the company said. Cybercriminals used Ryuk to steal Sopra Steria's data and lock its database during the attack.
After Sopra Steria identified the Ryuk attack, the company implemented security measures to contain the attack and protect its customers and partners. Sopra Steria did not identify any leaked data or damage caused to its customers' information systems as a result of the Ryuk attack.
Sopra Steria delivers consulting, digital services and software development to European organizations. The company reported total revenue of €4.4 billion ($5.2 billion) last year.
Ryuk Ransomware: Earlier Attacks
In addition to Sopra Steria, several other organizations recently have experienced Ryuk ransomware attacks, including:
Universal Health Services (UHS): A ransomware attack caused temporary disruptions to certain aspects of UHS's clinical and financial operations; various media reports have linked the cyberattack to Ryuk.
Durham Government Agencies: Cybercriminals used Ryuk to attack city and county governments in Durham, North Carolina; internal employees may have spread Ryuk by clicking on infected emails.
Emcor: A Ryuk attack forced the Fortune 500 company to temporarily shut down its IT systems and implement business continuity plans.
Ryuk is a form of ransomware that leverages encryption to block access to a system, device or file until a ransom is paid. It enables a threat actor to identify and attack an organization's critical network systems and may go undetected for several days or months following an initial infection.
Ransomware Attacks Target MSPs, IT Service Providers
Meanwhile, IT service providers and MSPs remain prime targets for ransomware attacks, since their systems often host or interconnect to numerous end-customer systems. Many of the attacks involve stealthy approaches that hide from anti-virus tools, Huntress Labs notes.
The U.S. Secret Service has warned IT service providers and consulting firms about ongoing cyberattacks. The warning indicated that threat actors are increasingly targeting point-of-sale (POS) systems and performing business email compromise (BEC) and ransomware attacks.
Recent MSP and IT consulting ransomware attack victims include:
Cognizant, which suffered $50 million to $70 million in lost revenue related to the attack.
Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.