IT services giant Cognizant has admitted that a ransomware attack it suffered back in April may end up costing the company as much as $70m.
The firm announced revenue of $4.2bn for the first quarter of 2020, an increase of 2.8% year-on-year. In this context, the $50-70m hit it expects to take in Q2 from the ransomware attack will not make a huge impact on the company.
However, the big numbers involved are illustrative of the persistent financial threat posed by ransomware, not to mention the reputational impact on customers.
CEO Brian Humphries claimed on an earnings call that the company responded immediately to the threat, proactively taking systems offline after some internal assets were compromised. However, the resulting downtime and suspension of some customer accounts took their toll financially.
“Some clients opted to suspend our access to their networks,” he explained. “Billing was therefore impacted for a period of time, yet the cost of staffing these projects remained on our books.”
Remote workers were also affected as the attack hit the firm’s system for supporting its distributed workforce during the current pandemic.
It does appear, however, that on this occasion the Maze attackers were not able to steal sensitive internal data from Cognizant servers, as is usually the case with high-profile victims of the gang.
Nobody wants to be dealt with a ransomware attack,” Humphries said on the call. “I personally don't believe anybody is truly impervious to it, but the difference is how you manage it, and we tried to manage it professionally and maturely.”
Maze was in action most recently to target a Minnesotan egg supplier, one of the country’s largest.
Victim organizations are estimated to have paid out in excess of $6bn to ransomware attackers last year, but the real cost could be many times more, according to Emsisoft.