Sopra Steria cyber attack costs to hit €50 million

The NHS supplier fell victim to Ryuk ransomware last month

IT services giant Sopra Steria has announced that last month’s cyber attack on its systems is likely to cost the company up to €50 million.

In an update published on its website, the NHS supplier admitted that the ransomware attack would negatively impact its gross operating margin by between €40 million (£35.6m) and €50 million (£44.5m).

The French company also revealed that its insurance coverage for cyber risks totals €30 million (£26.7m). IT Pro contacted its representatives about the details of the insurance coverage but is yet to hear back from the company.

Sopra Steria stated that the large costs of the cyber attack, a new variant of the infamous Ryuk ransomware, can be attributed to “the remediation and differing levels of unavailability of the various systems since 21 October”, the day when the incident was detected.

However, the IT services giant added that “sales activity for the fourth quarter should not be significantly affected by this event”.

“For financial year 2020, Sopra Steria expects to see negative organic revenue growth of between 4.5% and 5.0% (previously “between -2% and -4%”), an operating margin on business activity of around 6.5% (previously “between 6% and 7%”), and free cash flow of between €50 million and €100 million (previously “between €80m and €120m”),” it said.

Ryuk is a popular strain of malware which last month was reported to be targeting some 20 organisations a week as well as forcing a number of US hospitals offline. It is believed to have compromised Sopra Steria's Active Directory infrastructure and encrypted portions of the company's network.

However, according to the company, the attack was “rapidly blocked thanks to in-house IT and cyber security teams”.

“The measures implemented immediately made it possible to contain the virus to only a limited part of the Group’s infrastructure and to protect its customers and partners,” it added.

Sopra Steria also confirmed that the incident had not caused any further breach of data, saying that it had not identified “any leaked data or damage caused to its customers’ information systems”.

Since the cyber attack, the company has managed to restore access to its workstations, R&D and production servers, in-house tools and applications, as well as customer connections.

Featured Resources

The ultimate guide to business connectivity in field services

A roadmap to increased workplace efficiency

Free download

The definitive guide to migrating to the cloud

Migrate apps to the public cloud with multi-cloud infrastructure solutions

Free download

Transform your network with advanced load balancing from VMware

How to modernise load balancing to enable digital transformation

Free download

How to secure workloads in hybrid clouds

Cloud workload protection

Free download

Recommended

Large companies fall short on domain security
cyber security

Large companies fall short on domain security

28 Sep 2021
HPE GreenLake takes aim at data protection and analytics
data protection

HPE GreenLake takes aim at data protection and analytics

28 Sep 2021
Hackers spoof Zix in credential phishing attack
phishing

Hackers spoof Zix in credential phishing attack

28 Sep 2021
Women and BAME individuals are hardest hit by cyber crime
cyber crime

Women and BAME individuals are hardest hit by cyber crime

28 Sep 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

17 Sep 2021
100 million IoT devices affected by zero-day flaw
Internet of Things (IoT)

100 million IoT devices affected by zero-day flaw

24 Sep 2021
Qnap TS-h3088XU-RP review: Super-dense SSDs at a great price
flash storage

Qnap TS-h3088XU-RP review: Super-dense SSDs at a great price

27 Sep 2021