Outsourcing firm is latest to fall victim to pervasive ransomware group
New Jersey-based Cognizant confirmed that it’s the latest to fall victim to the Maze ransomware group hitting corporations around the world.
The Lowdown: The extent of the damage and disruption caused by the Maze attack on Cognizant is unknown. The company confirmed the attack, saying it’s affecting internal systems and “some” customers. Hackers associated with the Maze group deny involvement in the attack, but security experts say that doesn’t dismiss Maze from responsibility.
The Details: Maze uses ransomware software to infiltrate and encrypt files. Users can see the files, but can’t access them. The ransomware group will hold them hostage until the victims pay for the files’ release.
Maze uses a pervasive strategy for its ransomware attacks. Not only does the malware spread from computer to computer, but it also exfiltrates the files to the hacker’s network. The victim must pay for the decryption to prevent the public release of documents.
Cognizant says it’s working with law enforcement to resolve the issue.
Background: Maze attacks have been on the rise since late 2019. In January, the FBI issued an alert to U.S. companies about the Maze attacks and tactics. Maze is linked to several high-profile ransomware attacks, including the city of Pensacola, insurance carrier Chubb, and several law firms.
The ransomware model is one of extortion. Hackers seek payment from their victims. The FBI and law enforcement agencies have pressed private companies over the past several years to take measures to mitigate ransomware exposure.
While ransomware attacks are rising, reports indicate hackers are having a difficult time collecting from their victims. The COVID-19 pandemic is financially straining companies, hindering their ability to pay. Hackers, some reports say, are slowing the pace of their attacks to negotiate terms with their victims.
The Buzz: “Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack,” the company said in a statement. “Our internal security teams, supplemented by leading cyberdefense firms, are actively taking steps to contain this incident. Cognizant has also engaged with the appropriate law enforcement authorities. We are in ongoing communication with our clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature.”