18.04.2020

Cognizant confirms Maze ransomware attack

To this day, details provided by the Tech Giant are limited to a very short statement on its site, confirming the incident. 

“Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack,” the statement read. “Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident.”

Cognizant said that it has engaged with the appropriate law enforcement authorities.

About Maze

Maze was first observed in May 2019. From October the same year it gained the attention of the public. November 2019 Maze began posting the names of the companies that did not respond to their ransom demands.

Most ransomware attacks out there only encrypt data local to the victim’s targeted environment. Maze’s difference is its abilities to both exfiltrate the encrypted data and extort the victim. As a result, Maze can apply (and has applied) more pressure to victims by threatening to leak sensitive data via “name and shame” websites as Trend Micro researchers are warning for.

This threat should be taken seriously, as Sentinel One and Trend Micro researchers have noted that attack groups using Maze have made good on this threat and indeed released sensitive victim information to the public via. Occurring in mid-December of 2019, this leaking entailed posting documents and raw databases belonging to noncompliant victims.