Cognizant hit by 'Maze' ransomware attack amid coronavirus crisis

Though hackers linked to Maze have denied involvement in the attack on Cognizant, experts said it could have been the handiwork of some anonymous hackers
Information technology services major Cognizant has said it has been hit by Maze ransomware, which has caused disruptions in operations for some its clients.

The Teaneck, New Jersey-based IT firm said it was in constant communication with its clients and has provided them with indicators of compromise.

Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack,” the company said in a statement.

The firm’s security teams, supplemented by leading cyber defence firms, are taking steps to contain the incident, Cognizant said.
The anonymous hackers behind Maze have made headlines in recent months for publicly holding its victims hostage, threatening to leak company information if the target doesn’t pay its ransom.

In January, the US Federal Bureau of Investigation issued a warning to American companies about Maze’s tactic of threatening to release company information.

Though hackers linked to Maze have denied involvement in the attack on Cognizant, experts said it could have been the handiwork of some anonymous hackers.

“The reported Maze attack on Cognizant is worrisome, as it is not like typical ransomwares. Other than encrypting data, it is able to spread across a network, infecting and encrypting every computer on its path, and it can also exfiltrate the data to the attackers,” said Saket Modi, CEO of Lucideus, an enterprise cybersecurity platform company.

“Though Maze operators have denied the attack, it has still been categorised as Maze because the listed indicators of compromise included IP addresses of servers and file hashes, which are known to be used in previous attacks by Maze actors.”

At a time when more than 90 per cent of employees of IT services firms globally are working from home, such attack indicates a worrying trend. While there has been a significant rise in phishing attacks in the guise of Covid-19 themed websites, the ransomware attack seems to be the most severe form of such attempts at this point of time.


ALSO READ: PM Narendra Modi pushes for use of technology in the 'era of Covid-19'


Business Standard is now on Telegram.
For insightful reports and views on business, markets, politics and other issues, subscribe to our official Telegram channel