Cognizant confirms Maze ransomware attack, says customers face disruption

Cognizant, one of the largest tech and consulting companies in the Fortune 500, has confirmed it was hit by a ransomware attack.

Details remain slim beyond a brief statement on its site confirming the incident.

“Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack,” the statement read. “Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident.”

The New Jersey-headquartered IT giant said it was engaging with law enforcement.

The company, which offers a range of services including IT consultation to clients in more than 80 countries, posted $16.8 billion in revenue last year. The decades-old firm also maintains a business agreement with Facebook to help the social giant moderate content on its platform. Cognizant employs about 290,000 people, most of whom live in India.

When reached, Cognizant spokesperson Richard Lacroix declined to comment beyond the statement.

Maze is not like typical data-encrypting ransomware. Maze not only spreads across a network, infecting and encrypting every computer in its path, it also exfiltrates the data to the attackers’ servers, where it is held for ransom. If a ransom isn’t paid, the attackers publish the files online. However, a website known to be associated with the Maze attackers has not yet advertised or published data associated with Cognizant.

The FBI privately warned businesses in December of an increase in Maze-related ransomware incidents.

Since the warning, several major companies have been hit by Maze, including cyber insurer Chubb, accounting giant MNP, a law firm and an oil company.

According to Bleeping Computer, which first reported the attack, the Maze hackers denied responsibility for the attack.

“That does not mean Maze was not responsible,” said Brett Callow, a threat analyst and ransomware expert at security firm Emsisoft. “At some point in the last three weeks, Maze also hit two Manitoba law firms, neither of which has been listed.”

“It’s possible the group is holding off naming the firms and publishing any data pending the outcome of negotiations, and that could be the case with Cognizant too,” said Callow.

Updated at 3.13PM PT on April 20: In a filing with the SEC on Monday, Cognizant, which earlier this month withdrew its guidance for 2020, said that the attack “may continue to cause an interruption in parts of our business and may result in a loss of revenue and incremental costs that may adversely impact our financial results.”