Cognizant has fallen victim to a Maze ransomware attack which has caused service disruptions for customers, with security experts warning of a “full-blown data breach”.
The multibillion-dollar IT services giant first reported the breach to the market on 18 April. The attack locked up internal systems with a family of ransomware that not only encrypts user files but also threatens to publish them.
According to McAfee, the Maze ransomware - previously known in the community as 'ChaCha ransomware' - was first discovered in May 2019.
The main goal of the ransomware is to encrypt as many files as possible on an infected system before demanding a ransom to recover them. However, the most important characteristic of Maze is the malware authors' threat to victims that, if they do not pay, the stolen information will be released on the Internet.
“Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack,” a spokesperson for Cognizant confirmed on 18 April. “Our internal security teams, supplemented by leading cyber defence firms, are actively taking steps to contain this incident. Cognizant has also engaged with the appropriate law enforcement authorities.
“We are in ongoing communication with our clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature.”
For John E Dunn - security author at Sophos - the word Maze hints that the US-based technology provider is already steeling itself to report the ransomware attack as a “full-blown data breach”.
“Maze has been blamed for extorting a succession of large organisations since last summer, and is known for stealing as well as encrypting files in an innovation used by the criminals to increase the pressure on victims to pay up: we’ve scrambled your sensitive files but will also leak them to the world if we don’t get what we want,” Dunn observed.
“For US companies, a data breach is a big deal which brings with it regulatory oversight as well as hefty potential costs if any customer information is found to be part of the stolen data. It’s also commercially awkward to admit an attack is causing problems for customers even if the company is far from the only prominent name affected by Maze in recent months.
“The challenge is that today’s successful compromises reflect the security weaknesses that have built up from yesteryear. Companies sometimes suspect that they have weaknesses but simply fail to find them as quickly as the attackers do.”
However, the Maze operators have denied responsibility for the cyber attack, according to security website BleepingComputer. The report added that Maze is likely not discussing it to avoid complications at this early stage.
Insurer Chubb in March was hit by a computer security incident that may have involved unauthorised access to data held by an outside service provider. A group that deploys the Maze ransomware claimed to have locked up devices on Chubb's network during March, according to BleepingComputer.
(Additional reporting by Shubham Kalia in Bengaluru; Editing by Daniel Wallis and Sandra Maler - Reuters)