Recently, Cognizant revealed that it was hit by the infamous Maze ransomware, suffering a severe cyber attack that caused service disruptions to some of its clients. With a market cap of $29.5 billion, Cognizant is one of the largest tech and consulting companies and offers IT consulting to various Fortune 500 companies located in the United States. Cognizant employs close to 300,000 employees, mostly based in India.
The Maze ransomware was first discovered last year in May. In October 2019, it became more aggressive and more public. The Federal Bureau of Investigation (FBI) also privately warned businesses in December 2019 of an increase in Maze-related ransomware incidents and issued an alert to U.S. companies about the Maze tactic of threatening to release company information.
Damage Control
Cognizant released a statement on its official website: “Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack.”
For the moment though, no Cognizant data has been advertised for sale or published online.
Cognizant added that it is taking stock of the incident and is communicating with clients about the measures they should take. “Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident. Cognizant has also engaged with the appropriate law enforcement authorities. We are in ongoing communication with our clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature.”
Cognizant has not yet been named on a website that is associated with the Maze attackers. The website has named other companies in the past for failing to comply with Maze-related ransom demands.
While Maze operators have denied any association with this attack, independent security experts have suggested that it has indeed been carried out by the Maze group.
Working Mechanism & Motive
Maze is not typical ransomware that simply holds a system or a network hostage in exchange for payment. It works in three steps: encrypt, exfiltrate and extort. To put it simply, it spreads around a network using special exploit kits to take hold of any data in its path. It then copies the data to the attackers’ servers before demanding a ransom from the victim.
Unlike other ransomware that just locks the user out of the system after encrypting data, Maze spreads through the network while locking out users and also exports the data to the hackers’ servers. This data is later used to extort funds if the victim decides against paying the ransom.
Typically, the goal of any ransomware attack is to infect computers in a network, encrypt the files on those computers, and then demand a ransom to recover the files. Maze, however, is different, according to experts. The attacker in this case has the ability to exfiltrate, or transfer, the data onto his or her own server. The data is then held on this server until a ransom is paid to recover it. If the victim does not pay the ransom, the attackers then publish the data online.