France-based Sopra Steria, a European IT service provider, reported on October 21st that it had detected an intrusion on its IT network on October 20th. The IT giant was targeted in a cyberattack that involved a new variant of the Ryuk ransomware. This variant is alleged to be “previously unknown to antivirus software providers and security agencies.
Sopra Steria was able to quickly make this new version’s virus signature available to all antivirus software providers, in order for them to update their antivirus software,” the company said. It has also been established that the cyberattack was only launched a few days before it was detected.
The DFIR Report recently reported that in one of the attacks it observed, only 29 hours passed between the first attack email being sent and the system becoming fully compromised and encrypted.
What to do:
Ensure your antivirus, firewall and other cyber defense software is up to date and actively implemented. Perform routine inspections to ensure the network has not been compromised.
What can you do when this happens to you?
Immediately shut down the network and identify the breach point and malicious actor(s). Reinstate the network to the last known clean backup.