French IT Giant Atos Investigating Reported Ransomware Attack

Published on
January 2, 2025

French tech giant Atos has dismissed claims that its systems were compromised by the Space Bears ransomware group, stating no evidence of a breach or ransom demand has been found.  

In a December 28 statement, Atos said its cybersecurity team is “actively investigating” the matter and pledged updates if the situation changes:  

“At this stage, the initial analysis shows no evidence of any compromise or ransomware affecting any Atos/Eviden systems in any country, and no ransom demand has been received to date,” IT Pro reports the company as stating.  

Space Bears, a ransomware group linked to Phobos Ransomware as a Service (RaaS), emerged in April 2023 and has attacked at least 34 victims globally, including Canadian automation firm JRT Automatisation and Indian loan provider Aptus.  

Known for tactics like double extortion and public “walls of shame,” Space Bears uses corporate imagery to amplify reputational damage. “The sophisticated and polished online presence of Space Bears…suggests a well-coordinated international cybercriminal network,” noted Halcyon researchers.

Atos, a leading cybersecurity and cloud computing provider with $10.4 billion in annual revenue, has previously faced cyber incidents, including the 2018 Olympic Destroyer attack and a 2023 Cl0p-linked vulnerability exposure. Despite the current allegations, Atos maintains its systems remain secure.

Takeaway: Space Bears, a ransomware group that surfaced in April 2024, has rapidly gained attention for its aggressive tactics and distinctive approach to cyber extortion.  

Aligned with the Phobos ransomware-as-a-service (RaaS) network, the group employs sophisticated double extortion methods, encrypting victims' data while simultaneously threatening to release sensitive information unless ransom demands are met.  

Their operations include hosting data leak sites on both the dark web and the clearnet, where they publicize stolen information to increase pressure on their targets.

What sets Space Bears apart is its corporate-themed presentation, characterized by the use of professional stock images and a "wall of shame" designed to publicly disgrace victims. This calculated strategy amplifies reputational risk, adding another layer of coercion.  

Their polished online presence and dual-platform operations reflect a high level of organization and possibly significant financial backing, pointing to a well-coordinated international cybercriminal network.

In its early campaigns, Space Bears demonstrated global reach and strategic targeting. By April 2024, the group had claimed seven victims across Germany, Norway, the United States, and South Africa.  

By July, they reportedly targeted three Canadian entities: Haylem, a developer of educational software; Un Museau Vaut Mille Mots, an orthophonics clinic; and Lexibar, a language disorder treatment provider.  

The group threatened to expose sensitive financial and personal data within set deadlines, underscoring their calculated, high-pressure tactics.

Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies – talk to a Halcyon expert today to find out more and check out the Halcyon Attacks Lookout resource site. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.
