Security Experts:

Financial Impact of Ransomware Attack on Sopra Steria Could Reach €50 Million

European IT services provider Sopra Steria estimates that a recent ransomware attack will have a financial impact ranging between €40 million ($48 million) and €50 million ($60 million).

Sopra Steria revealed one month ago that some of its systems were infected with a new variant of the Ryuk ransomware, which is believed to have been used by Russian cybercriminals.

The intrusion was detected on October 20, but the company’s investigation revealed that the attackers had only been in its systems for a few days before the breach was discovered, which is not surprising for attacks involving Ryuk.

In a statement released this week, the company said its IT and cybersecurity teams moved quickly to contain the attack and claimed that the malware only hit a “limited part” of its infrastructure.

“The secure remediation plan launched on 26 October is nearly complete. Access has progressively been restored to workstations, R&D and production servers, and in-house tools and applications. Customer connections have also been gradually restored,” Sopra Steria said.

Nevertheless, the company estimates that remediation efforts and the unavailability of various systems due to the incident will cost it up to €50 million ($60 million), of which €30 million ($36 million) should be covered by insurance. The firm says sales activity for the fourth quarter should not be significantly impacted by the ransomware attack.

“After including the items mentioned above, for financial year 2020 Sopra Steria expects to see negative organic revenue growth of between 4.5% and 5.0% (previously ‘between -2% and -4%’), an operating margin on business activity of around 6.5% (previously ‘between 6% and 7%’), and free cash flow of between €50 million and €100 million (previously ‘between €80m and €120m’),” Sopra Steria explained.

Sopra Steria offers a wide range of IT services, including consulting, technology, software, system integration, business process, infrastructure management and cybersecurity. The company says it has 46,000 employees across 25 countries.

Related: Norsk Hydro Says Cyber Attack Cost It Around $50 Mln

Related: NotPetya Attack Costs Big Companies Millions

Related: Payouts From Insurance Policies May Fuel Ransomware Attacks

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.