Royal attacks Groupe Sovitrat Interim and Recrutement

Incident Date:

May 26, 2023

World map



Royal attacks Groupe Sovitrat Interim and Recrutement


Groupe Sovitrat Interim and Recrutement




Dunkirk, France

, France

First Reported

May 26, 2023

Groupe Sovitrat Interim and Recrutement Hit by Ransomware Attack

Groupe Sovitrat Interim and Recrutement, a French recruitment agency headquartered in Dunkirk, has been hit with a ransomware attack. Royal ransomware group posted Groupe Sovitrat Interim and Recrutement to its data leak site on May 26. Royal Ransomware claims to have stolen 158GB of data. Groupe Sovitrat Interim and Recrutement has not confirmed or denied the incident, and it’s not clear what Royal is demanding as ransom or when it needs to be paid by.

Groupe Sovitrat Interim and Recrutement is a human resources company that employs 135 people, has an annual revenue of $19m, and is headquartered in Dunkirk, France.

Royal Ransomware Group Background

Royal ransomware group was first identified in September 2022 and is believed to be an offshoot of an older ransomware family known as Zeon, which first appeared in January 2022. The group is believed to be made up of former members of the Conti ransomware group, which is famous for its secrecy.

Royal ransomware often targets critical infrastructure organizations, such as those operating in manufacturing and healthcare sectors. The group harasses organizations to encourage them to pay ransoms, employing techniques such as mass printing ransom notes and emailing victims.

The US Department of Health and Human Services issued a warning about the threat Royal poses to the healthcare sector in January 2023.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.