IT giant Cognizant Technology Solutions Corp. on Saturday confirmed that it was a victim of the “Maze” ransomware cyberattack that caused service disruptions to its clients.
“Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack,” Cognizant wrote in a press blog that employs about 3,00,000 and has over $15 billion in revenues.
The company said that it has notified all its clients about the attack and it is taking steps to contain the incident. However, Cognizant did not disclose how many customer systems were affected in the attack.
“Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident. Cognizant has also engaged with the appropriate law enforcement authorities,” the company added.
“We are in ongoing communication with our clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature.”
The main goal of any malicious ransomware attack is to crypt all files that it can in an infected system and then demand hefty payments to recover the files.
However, in the case of Maze, it is not like typical data-encrypting ransomware. It first exfiltrates the data to the attackers’ servers, then holds the stolen data for ransom, and if the targeted companies fail to pay it releases information on the internet.
While Cognizant clearly puts the blame on the Maze ransomware on its press blog, the Maze-associated site has not yet released Cognizant’s data.
According to a report by BleepingComputer, the listed IOCs included IP addresses of servers and file hashes for the kepstl32.dll, memes.tmp, and maze.dll files, which are known to be used in previous attacks by the Maze ransomware actors.
However, the hackers linked to Maze have denied responsibility for the cyberattack in a statement to BleepingComputer. The website believes that Maze is likely not discussing the cyberattack to avoid complications at this early stage.
According to several media reports, the city of Pensacola in Florida, cybersecurity insurance provider Chubb Ltd. and Canadian construction company Bird Construction Inc. have been the alleged targets of Maze.