Cognizant: Ransomware Attack Disrupting ServicesSEC Filing Shows Company Still Assessing Maze Attack
IT services and consulting giant Cognizant is still assessing the damage from a ransomware attack on Friday. And it's warning that the incident is disrupting services to some of its clients and could affect the company's revenue, according to a Monday filing with the U.S. Securities and Exchange Commission posted Monday.
In the filing, Cognizant attributes the attack to the Maze ransomware strain and says it's working with third-party security consultants and law enforcement officials to assess the damage.
"We are in ongoing communication with our clients about the incident and have made available indicators of compromise and other technical information of a defensive nature," according to the SEC filing. "Although we are in the early stages of assessing this incident, the attack has caused and may continue to cause an interruption in parts of our business and may result in a loss of revenue and incremental costs that may adversely impact our financial results."
Earlier this month, Cognizant, which is a Fortune 500 company, withdrew its full-year financial guidance due to the COVID-19 pandemic, joining other companies that have scaled-back or withdrawn their financial outlook for the year due to uncertainty over the current healthcare crisis.
In 2019, Cognizant posted annual revenue of $16.8 billion with operating income of $2.5 billion. While based in New Jersey, the company has a large presence in India and employs over 290,000 worldwide; it provides a wide range of IT and consulting services.
A spokesperson for Cognizant could not be immediately reached for comment. The company has not offered details about whether it plans to pay a ransom.
The Latest Apparent Maze Victim
On Saturday, Cognizant released a statement acknowledging that its internal systems sustained a ransomware attack that it attributed to Maze.
Over the last few months, the Maze ransomware group has become one of the most notorious cybercriminal gangs and has leaked the data of victims who have refused to pay the ransom. Other cybercriminal groups, such as Sodinokibi - aka REvil - followed suit (see: More Ransomware Gangs Join Data-Leaking Cult).
In March, security firm Emsisoft connected the Maze gang to a recent attack against Switzerland-based global insurance firm Chubb. While the company admitted it's investigating a "security incident," Chubb did not indicate Maze was the culprit behind the attack (see: Insurer Chubb Investigating 'Security Incident').
Bleeping Computer, which first reported the Cognizant incident, reports that the Maze operators denied responsibility for the incident during an online chat with the publication.