Skip to main content
close search
site logo
Dive Brief

Cognizant hit by Maze ransomware attack, client services disrupted

Published April 20, 2020
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Adobe Stock

Dive Brief:

  • IT services provider Cognizant was the victim of a Maze ransomware attack, the company said Saturday. 
  • Some of Cognizant's clients suffered disrupted services from the attack and the ransomware targeted the company's internal systems. Cognizant is working to contain the incident, according to the announcement. 
  • The company is working with law enforcement and has "proactively shared Indicators of Compromise" with its clients, according to a tweet.

Dive Insight:

As the world reels from the coronavirus outbreak and companies are leaning on their IT providers more than ever, Cognizant's services are invaluable. Cognizant has clients across industries, relying on the company to remotely administer patches or offer IT support.

Bleeping Computer contacted the operators who denied the attack, however, Cognizant was able to confirm traces of Maze. The Fortune 500 company shared samples of the ransomware with its clients, determining its association with Maze. 

Maze is deployed using tools similar to PowerShell Empire, according to Bleeping Computer. The operators were likely in Cognizant's network for weeks before executing their attack. Maze is an influential piece of ransomware, and other strains copy its modus operandi: encrypt, steal and publish data. 

In March, Maze struck a United Kingdom-based medical research company on standby for developing vaccines for the coronavirus. While Hammersmith Medicines Research "repelled" the attack, Maze's operators published files about a week later. The data was between eight and 20 years old.

A ransomware-turned-data breach ups the ante for Cognizant's responsibility for affected clients. When a manufacturer was hit by ransomware DoppelPaymer, the operators publicly published data belonging to its customers, including Tesla, SpaceX, Boeing and Lockheed Martin. 

As the hackers possess data, it is unknown when or how much data they will publish, if they do so at all. However, companies undergoing remediation post-incident have to ensure they don't accidentally destroy forensic evidence indicating a data breach.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell