Information technology services provider Cognizant admitted that it is a recent victim of a ransomware attack. In an official statement, the IT giant stated that it was hit by Maze ransomware that caused service disruptions for some of its clients. It has also notified its clients and users about the attack.
“Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack. Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident. Cognizant has also engaged with the appropriate law enforcement authorities,” Cognizant said in a statement.
Cognizant notified its clients and users about the incident and also engaged with law enforcement authorities to investigate the attack. “We are in ongoing communication with our clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature,” Cognizant added.
According to Bleeping Computer, the listed IOCs included file hashes for the kepstl32.dll, IP addresses of servers, memes.tmp, and maze.dll files. It is said that clients can use this information to monitor and secure their network systems.
The Maze ransomware operators made headlines in recent months for holding its victims’ systems and threatening to leak their information if they fail to pay the ransom. The hackers who carried out the Maze ransomware attack in the Pensacola city of Florida released two gigabytes of data files stolen before encrypting the data on the internet. Florida Department of Law Enforcement sent an official letter to the County Commissioner stating that it was a Maze ransomware attack and the hackers demanded a ransom of $1 million in order to restore all the services.
Cybercriminals Vow Not to Attack
Amid the Coronavirus pandemic, cyberattacks on the business sector have become an additional threat level and hurdle to organizations, especially for health care providers. However, on the flipside, several ransomware groups recently came forward to assure that they would hold back from attacking health organizations during the Coronavirus crisis. Lawrence Abrams from Bleeping Computer reached out to the operators of the Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako Ransomware infections to find out if they would cease to target health care organizations during this time of dire crises.
Maze ransomware authors responded stating that, “We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with the virus.” They also stated that if any health care organization is hit by mistake, they would decrypt it for free.