French IT service provider Atos continues to face questions surrounding the suspected ransomware incident involving the Space Bears group. While the company still denies any direct attack on its own systems, there are growing indications that a ransom was paid for compromised data.
Atos had already admitted at the beginning of January that data relating to the company was located on a “compromised infrastructure of a third-party provider”. The company has so far kept details of the type and scope of this data and the identity of the third-party provider concerned under wraps. In a statement, Atos merely emphasized: “This infrastructure contained data that mentioned the Atos company name, but it is neither managed nor secured by Atos.”
Ransom demand apparently fulfilled
Now that the payment deadline set by the Space Bears on January 7 has passed, there are indications that a ransom has been paid. This information comes from a LinkedIn post by a journalist from Süddeutsche Zeitung, who attached a screenshot of the darknet post with the badge “sold”. Who ultimately transferred the ransom – Atos itself, the affected third-party provider or another party – remains unclear for the time being.
The situation is particularly sensitive because of Atos’ position in the European IT sector. With 95,000 employees, the company is one of the largest IT service providers in Europe and manages numerous critical infrastructures. A successful cyberattack, whether direct or indirect, could therefore have far-reaching consequences.
The Space Bears’ original allegations of a direct ransomware attack on Atos systems emerged at the end of December 2024. The company immediately dismissed these as “unfounded” and emphasized that neither source code nor proprietary company data had been compromised. However, the latest developments raise new questions about the actual scope of the incident.