Digital solutions provider and IT consultant giant Cognizant has been struck by a Maze ransomware attack that infected its systems and caused service disruptions to its clients.
The Teaneck, N.J.-based company, with roughly $15 billion in revenue, confirmed the incident in a press release over the weekend. Cognizant serves a wide spectrum of industries, including banking, consumer goods, healthcare, manufacturing, retail, and transportation and logistics — all of which could use IT support and strategy during the ongoing coronavirus pandemic, when business systems are especially strained and stressed.
“It’s one of the fundamental security challenges in the 21st century: Your company may be buttoned up, but your business partners, vendors and service providers may be at risk,” said Jake Olcott, VP at BitSight. “The massive shift to work from home is only exacerbating the third party risk management challenge. Companies struggle to manage risk from their own remote workforce. Now, each one of their business partners and vendors has their own remote workforce. The attack surface has just exploded overnight.”
“Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident,” Cognizant’s press release states. “Cognizant has also engaged with the appropriate law enforcement authorities. We are in ongoing communication with our clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature,” it continues.
“The Maze ransomware is part of a new wave of particularly devious strains of ransomware which steals data before encrypting it and threatens to release this stolen data if the victim organization does not pay. Therefore, even if an organization has backups from which they can restore data and continue operations, it would not be enough to mitigate all the threats,” said Javvad Malik, security awareness advocate at KnowBe4. “A layered defense is therefore essential, so that organizations make it difficult for criminals to install ransomware, and if they do, detect exfiltration and encryption of data.”