Sopra Steria, a major IT services company, reported that a Ryuk ransomware attack may cost them up to $60 million. The attack, which targeted corporate networks, involved searching for vulnerabilities and planning cyber-attacks, leading to significant financial losses and disruptions.
Source: https://www.infosecurity-magazine.com/news/alleged-ryuk-initial-access-broker/
TPRM report: https://scoringcyber.rankiteo.com/company/soprasteria
"id": "sop526062025",
"linkid": "soprasteria",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'location': '71 countries',
'type': 'Large organizations'}],
'attack_vector': 'Initial Access Broker',
'date_detected': '2023-11-01',
'date_publicly_disclosed': '2025-04-01',
'description': 'A 33-year-old man, believed to be an initial access broker '
'for the Ryuk ransomware operation, was arrested and '
'extradited to the United States. The operation was a result '
'of international cooperation involving multiple law '
'enforcement agencies.',
'impact': {'systems_affected': ['250 servers belonging to large organizations '
'in 71 countries']},
'initial_access_broker': {'high_value_targets': 'Corporate networks of victim '
'enterprises'},
'investigation_status': 'Ongoing',
'motivation': 'Financial',
'ransomware': {'ransomware_strain': ['Ryuk',
'LockerGoga',
'MegaCortex',
'Hive',
'Dharma']},
'references': [{'date_accessed': '2025-04-01',
'source': 'Office of the Prosecutor General of Ukraine'},
{'date_accessed': '2025-04-01',
'source': 'Ukraine’s National Police'}],
'response': {'law_enforcement_notified': True},
'threat_actor': 'Ryuk ransomware operation',
'title': 'Arrest of Initial Access Broker Linked to Ryuk Ransomware Operation',
'type': 'Ransomware'}