- IT services provider Cognizant was the victim of a Maze ransomware attack, the company said Saturday.
- Some of Cognizant's clients suffered disrupted services from the attack and the ransomware targeted the company's internal systems. Cognizant is working to contain the incident, according to the announcement.
- The company is working with law enforcement and has "proactively shared Indicators of Compromise" with its clients, according to a tweet.
As the world reels from the coronavirus outbreak and companies are leaning on their IT providers more than ever, Cognizant's services are invaluable. Cognizant has clients across industries, relying on the company to remotely administer patches or offer IT support.
Bleeping Computer contacted the operators who denied the attack, however, Cognizant was able to confirm traces of Maze. The Fortune 500 company shared samples of the ransomware with its clients, determining its association with Maze.
Maze is deployed using tools similar to PowerShell Empire, according to Bleeping Computer. The operators were likely in Cognizant's network for weeks before executing their attack. Maze is an influential piece of ransomware, and other strains copy its modus operandi: encrypt, steal and publish data.
In March, Maze struck a United Kingdom-based medical research company on standby for developing vaccines for the coronavirus. While Hammersmith Medicines Research "repelled" the attack, Maze's operators published files about a week later. The data was between eight and 20 years old.
A ransomware-turned-data breach ups the ante for Cognizant's responsibility for affected clients. When a manufacturer was hit by ransomware DoppelPaymer, the operators publicly published data belonging to its customers, including Tesla, SpaceX, Boeing and Lockheed Martin.
As the hackers possess data, it is unknown when or how much data they will publish, if they do so at all. However, companies undergoing remediation post-incident have to ensure they don't accidentally destroy forensic evidence indicating a data breach.