Groupe Sovitrat Interim and Recrutement Hit by Ransomware Attack

Groupe Sovitrat Interim and Recrutement, a French recruitment agency headquartered in Dunkirk, has been hit with a ransomware attack. Royal ransomware group posted Groupe Sovitrat Interim and Recrutement to its data leak site on May 26. Royal Ransomware claims to have stolen 158GB of data. Groupe Sovitrat Interim and Recrutement has not confirmed or denied the incident, and it’s not clear what Royal is demanding as ransom or when it needs to be paid by.

Groupe Sovitrat Interim and Recrutement is a human resources company that employs 135 people, has an annual revenue of $19m, and is headquartered in Dunkirk, France.

Royal Ransomware Group Background

Royal ransomware group was first identified in September 2022 and is believed to be an offshoot of an older ransomware family known as Zeon, which first appeared in January 2022. The group is believed to be made up of former members of the Conti ransomware group, which is famous for its secrecy.

Royal ransomware often targets critical infrastructure organizations, such as those operating in manufacturing and healthcare sectors. The group harasses organizations to encourage them to pay ransoms, employing techniques such as mass printing ransom notes and emailing victims.

The US Department of Health and Human Services issued a warning about the threat Royal poses to the healthcare sector in January 2023.