Information technology services giant Cognizant has become the latest company to fall victim to a ransomware attack amid the COVID-19 pandemic. In a press release posted Saturday, the tech firm said it had been hit by a cyber-attack allegedly launched by operators of the Maze ransomware.
The security incident, which compromised the internal systems of the company, caused service disruptions to some of its clients. In response, the N.J.-based firm said its internal security teams, along with the help of leading cybersecurity firms, are “actively taking steps to contain” the attack.
In addition to this, the firm also ensured it has already notified all the clients involved and is actively engaging with law enforcement.
“We are in ongoing communication with our clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature,” the release noted.
As early as Friday, clients of Cognizant received notification emails containing a preliminary list of IOCs identified through Cognizant’s investigation. According to Bleeping Computer, among the IOCs listed include the “IP addresses of servers and file hashes for the kepstl32.dll, memes.tmp, and maze.dll files.”
Founded in 1994, Cognizant operates as an IT consultant and digital solutions provider. To date, with roughly $15 billion in revenue and over 300,000 employees, the firm stands as one of the largest IT managed services company in the world.
Unlike typical data-encrypting ransomware, which works by encrypting all files then demanding ransom from victims to recover the files, Maze works by stealing the data of its victims first before encrypting them to be held for ransom.
“It’s a very bad state of affairs for the victims,” explained Brett Callow, a threat analyst from the tech company Emsisoft, during an interview CRN. “A company that is attacked in this way really has no good options available to it. If they don’t pay the ransom their data will almost certainly be published. If they do pay, all they’ll get is a pinky promise from the criminals that the data won’t be used, but why would a criminal enterprise ever delete data that they may be able to monetize?”
However, when contacted by Bleeping Computer about the incident, operators of the Maze ransomware denied being responsible for the attack.
“In the past, Maze has been reticent to discuss attacks or victims until negotiations stall. As this attack is very recent, Maze is likely not discussing it to avoid complications in what they hope would be potential ransom payment,” the news outlet suggested.
To date, Cognizant refuses to comment beyond the statement posted on their site.
