The cyberattack against Sopra Steria has had a global impact on the IT services provider and will take “several weeks” to recover from, Verdict has learned.

The French-headquartered firm, which provides outsourcing services to the NHS, was hit by a suspected ransomware attack late on Tuesday. The company confirmed the attack the following day but has so far remained tight-lipped on details.

Internal emails, seen by Verdict, show how the company believes it will “inevitably take several weeks” to return to normal operations.

A “progressive recovery” will start from “the beginning of next week”, one email stated.

In a company-wide email sent on Wednesday, Sopra Steria Group CEO Vincent Paris said:

“I want to inform you that Sopra Steria Group has been subject to a cyber attack hitting all our geographies, since yesterday evening.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

“Our teams are working hard to set up security measures likely to impact your activity.”

Sopra Steria believes the cyberattack is “recent” and that it was “detected very quickly”.

The emails also reveal that Sopra Steria “immediately” set up a crisis unit where leaders across the many subsidiaries report in with daily updates.

French media reported on Wednesday that hackers targeted Sopra Steria’s Active Directory infrastructure, which saw some IT systems encrypted and payment demanded to unlock them.

Further reports suggest the infamous Ryuk ransomware gang is behind the attack, although this is yet to be confirmed.

Sopra Steria cyberattack: Were backups in place?

Verdict understands that not all subsidiary IT systems are affected. It is unclear at this time which subsidiaries remain unaffected and whether any employee or customer data was compromised.

However, employees are being told to not use OnePortal, the company network used for HR, training and timesheets, “for the time being” and instructed to not use VPN to connect to the network “at this time”.

Jake Moore, cybersecurity specialist at ESET and a former police digital forensics officer, told Verdict that the stated recovery time could suggest Sopra Steria did not have a full backup in place.

“It sounds like the backup either failed or was not set up correctly. Either way, they are unlikely to have tested it.”

He added: “No one is immune to these attacks but there are plans that can be put in place to mitigate and reduce the damaging aftermath.”

Sopra Steria provides a number of IT services to the UK government, including visa and citizenship application service centres.

This week the outsourcer was awarded a £500m framework as part of its joint venture with the UK’s Department of Health and Social Care. It will see the two parties allocate funds to technology suppliers to provide the NHS with services such as accounting, payroll and managed IT.

Sopra Steria’s long list of clients also includes HSBC, RBS, Huyndai Capital and the Bank of China.

Verdict has approached Sopra Steria for comment.


Read more:  Sopra Steria wins Home Office contract to digitise passport applications