IT services firm Cognizant hit with Maze ransomware - CyberScoop

Written by Sean Lyngaas Apr 18, 2020 | CYBERSCOOPCognizant, a multibillion-dollar IT services company with clients in the banking and oil and gas industries, said Saturday its computer systems had been disrupted by Maze ransomware, a strain of malicious code that has been used in cyberattacks in the U.S. and Europe in recent months. “Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident,” the New Jersey-based company said in a statement. A Fortune 500 company with over a quarter of a million employees worldwide, Cognizant possesses a wealth of data that would make it a target of hackers. Cognizant’s software and consulting services are used by major pharmaceutical firms and restaurant chains, according to its website. Earlier this week, the company had notified clients of the incident and shared “indicators of compromise” — forensic data such as IP addresses and malicious files — so that they could defend against the malicious activity. “The integrity and availability of our systems are of paramount importance to Cognizant and we are working diligently to minimize any disruptions,” a company spokesperson told CyberScoop earlier on Saturday. One of the malware samples that Cognizant shared with clients is detected by multiple anti-virus products as Maze ransomware . Nearly all of the malicious IP addresses reported by Cognizant have been previously used by hackers to deploy the Maze ransomware, according to advisories from the Department of Homeland Security and the FBI . The hackers behind Maze gained notoriety last year by stealing sensitive data from victims, encrypting it, and threatening to publish the information if they aren’t paid a ransom, leading the FBI to privately warn U.S. companies about the threat in December. The cyberattack on Cognizant is the latest sign that ransomware gangs are not holding off on targeting companies amid the novel coronavirus pandemic.