Maze Group Wages Ransomware Attack on Cognizant

A ransomware attack has thrown operations at New Jersey company Cognizant into disarray, compromising internal systems. 

The IT services provider confirmed on April 18 that it had fallen victim to a ransomware attack perpetrated by the threat group Maze. Services to some of the company's clients have been affected by the incident. 

Maze group has earned a reputation for exfiltrating data from its victims and publishing that data online should its targeted cash cow refuse to moo up the ransom payment. 

In a statement published on its website last Saturday, Cognizant wrote: "Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack.

"Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident."

Cognizant confirmed that "the appropriate law enforcement authorities" had been made aware of the incident. 

On Sunday, April 19, the company posted an update to its cybersecurity incident notification statement, adding that it had been in contact with its customers to warn them of the dangers posed by the attack.

"We are in ongoing communication with our clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature," wrote Cognizant.

Cognizant is a Fortune 500 company that provides on-premises and cloud-hosted IT services and IT consultancy services. Among Cognizant's clients are several high-value customers in the banking, healthcare, and manufacturing industries. 

Commenting on the attack, Jonny Milliken, director of Security research & SOC at Cygliant, said size is no guarantee of safety when it comes to ransomware attacks.

“Threat actors are constantly probing businesses of all sizes for weaknesses," said Milliken. "Even organizations which measure revenue in the billions can fall prey to dedicated attackers—another cautionary tale for us all to be vigilant in our cyber defenses.”

Under the Breach has speculated that Maze purchased access to Cognizant's data from a hacker who was advertising the sale of access to a huge IT company's data for $200k. The ad was posted on April 11 and removed the day before the ransomware attack on Cognizant.

What’s Hot on Infosecurity Magazine?