back to article Sopra Steria: Adding up outages and ransomware cleanup, Ryuk attack will cost us up to €50m

Sopra Steria has said a previously announced Ryuk ransomware infection will not only cost it "between €40m and €50m" but will also deepen expected financial losses by several percentage points. The admission comes weeks after the French-headquartered IT outsourcing firm's Active Directory infrastructure was compromised by …

  1. Potemkine! Silver badge
    IT Angle

    Having technical details on how their AD was infected and what they did to clean up would be useful for everyone. Much more than financial data, unless El Reg wants to become the new WSJ?

  2. Mike 137 Silver badge

    30M insurance, 50M cost

    Once again, I see the same pattern emerging. Risk assessments that over-estimate likelihoods but under-estimate consequences. The most important failing is usually failure to aggregate all the consequential costs, as these can appear at several stages past the event (clean up, down time, restoration, liability defence costs &c.).

    An organisation I consulted with a while back had a minor malware infection that they were slow to control the spread of. It did no actual damage other than a bit of day to day business disruption - all that was needed was some restores from backups. However the process of identifying, controlling and recovering from it took about four weeks and tied up the entire senior IT team - total cost in the region of $2M.

  3. 0laf Silver badge
    Childcatcher

    Having an insurance policy isn't the same as insurance paying out in the event you make a claim.

    Ransomware taking out a large business smacks of a company paying lip service to the risk, not preparing for a known attack and probably not training staff to not click on phishing emails. Admittedly this may have been a targetted attack with well crafted emails but the characteristics of ransomware are well known, not new and mitigations can be put in place.

    I would suspect the insurers will be investigating many ways to get out of paying.

    If you have house insurance they won't pay out for a burglary if you don't lock your doors. I don't imagine cyber insurance will pay out if you haven't carried out best practice. TBh I don't know anyone that does, not really.

    1. Snorlax

      Having an insurance policy isn't the same as insurance paying out in the event you make a claim.

      This. Anybody who’s ever made a car or home insurance claim knows what slippery, devious f***ers insurance companies are.

      If data is exfiltrated and published by the attacker (e.g. Maze), you can start thinking about how big your GDPR fine might be...

    2. MJB7

      Training

      "training staff to not click on phishing emails" - I don't doubt the insurance company will try and avoid paying out because of the lack of training, but we know that (to a first approximation) such training doesn't work. Training staff not to use email from privileged accounts is much more likely to be useful.

      1. 0laf Silver badge

        Re: Training

        If training is a mitigation against the fines it's worth doing, considering how large the fines for GDPR are (at least the point of issue). It may only be marginally effective against the attack but even a small number of avoided minor incidents can easily make the training economically worth while especially if it is effective in stopping staff clicking on shit at home then taking days off to fix their mess.

        The ICO expects DP training to be given to 95% of staff annually. Right down to your cleaning staff who may encounter presonal informaiton when clearing desks etc.

      2. Lotaresco Silver badge

        Re: Training

        Training staff not to use email from privileged accounts is much more likely to be useful.

        Privileged accounts should not have access to email.

    3. Velv
      Boffin

      Underinsured

      Insurance companies often have tricky wording to limit pay outs where the policy holder is underinsured.

      Sopra may be insured for £30m (i.e. that is the maximum they expect the insurance to pay out in the event of a loss), but they claim they're losses are £50m. Taking the Insurance company words, they underinsured at 3/5ths, so they will only pay out 3/5ths the insured value, £18m.

  4. macjules Silver badge

    Ryuk attack will cost us up to €50m

    Sopra Steria: Adding up outages and ransomware cleanup, Ryuk attack will cost our customers up to €100m

    FTFY

  5. Anonymous South African Coward Silver badge

    The name Sopra Steria reminds me of something to do with sterilization for some reason...

  6. pc-fluesterer.info
    Linux

    lesson learned?

    and, lesson learned? Any inference?

    Or just "more of the same"? So goes the American proverb: If brute force didn't solve your problem, you didn't use enough of it. ...

    Ever thought of a change of paradigm?

    Not only put money on prevention, but migrate to FOSS.

    1. Giles C Silver badge

      Re: lesson learned?

      Ransomware attacks exist on Linux as well as Windows,

      So migrating the platform won’t be any better unless you put the money into training support and proper system management.

      1. pc-fluesterer.info
        Linux

        Linux is immune (was: Re: lesson learned?)

        "Ransomware attacks exist on Linux as well as Windows" - WRONG.

        Please give us one example - only one, pleeeease! - of an attack vector similar to those in the M$ biotope. A malware attack similar to those under Windows is IMPOSSIBLE against a Linux (or xBSD) desktop and network. You always need a maliciuos insider (such as 'evil maid') and/or severe blunder of system management.

        Web servers are even more endangered. Why do the majority of web servers world wide run on Linux or xBSD? All successful attacks against Linux/xBSD web servers I know of were based on administrators errors (weak password and the like) and/or security holes in application SW (CMS, shop, database, ...). Which again is an administrative or system management error: Available patches not applied. NEVER was a weakness in the underlying OS Linux or xBSD part of the attack vector - in all cases I know of. Do you know better?

        To make that clear: I am talking about the usual mass attacks. If you are target of a governmental "service" - they find their way sooner or later, so good luck! :-)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021