Ransomware is a type of malicious program used by hackers to take control of files in an infected system and then demand hefty payments to recover them. The Maze ransomware was discovered in 2019 and has since gained notoriety.
MUMBAI: New Jersey-headquartered IT services provider Cognizant said on Saturday that it had faced a ransomware attack on Saturday that has caused disruptions to its clients.
The company released a statement on Saturday on its official website. “Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack,” it said.
Cognizant added that it is taking stock of the incident and said it is communicating with clients on the measures to be taken by them. “Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident. Cognizant has also engaged with the appropriate law enforcement authorities. We are in ongoing communication with our clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature.”
Typically, the goal of any ransomware attack is to infect computers in a network, encrypt the files on those computers, and then demand a ransom to recover the files. Maze, however, is different, according to experts. The attacker in this case has the ability to exfiltrate or transfer the data onto his or her server. The data is then held on this server until a ransom is paid to recover it. If the victim does not pay the ransom, the attackers then publish the data online.
“Maze ransomware operators are known to conduct their attack below the surface and have a reputation of stealing the data first before locking their target systems. They fully understand their victim’s reputational risks, and hence their approach is ‘steal, lock and inform’,” said Beenu Arora, CEO and co-founder of US-based cyber security company Cyble.
Cognizant has not yet been named on a website that is associated with Maze attackers. The website has named other companies in the past for failing to comply with Maze-related ransomware demands. Arora of Cyble said that the ransomware group in this case understands the brand value of the organization. It has turned into a well-funded network in recent months, he said. “This is mainly due to successful ransomware attacks due to growth of their affiliates, organizations increasingly paying ransomware extortions and certain cyber insurance companies negotiating with the ransomware operators and making payments.”