Cognizant hit by Maze ransomware attack

IT giant Cognizant has confirmed that it was Maze ransomware attack on late Saturday evening.

"Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack," Cognizant wrote in a press blog.

The company also said that it has informed all its clients about the attack and "provided them with Indicators of Compromise (IOCs) and other technical information" that will help the companies to protect themselves.

"Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident. Cognizant has also engaged with the appropriate law enforcement authorities," the company added.

Maze is not a typical ransomware that takes hostage a system or a network in exchange of an amount. It works in three steps, which encrypt, exfiltrate and extort. To put it simply, it spreads around a network using special exploit kits to take hold of any data in its path. It then ownloads the data on attackers' servers before demanding ransom from the victim.

According to a report by BleepingComputer, which first discovered the attack, Maze actors, who have been responsible for several attacks in the past, have denied being responsible for the latest attack on Cognizant. However, ransomware expert Brett Cllow believes otherwise. "That does not mean Maze was not responsible...It's possible the group is holding off naming the firms and publishing any data pending the outcome of negotiations, and that could be the case with Cognizant too," Callow, who is a threat analyst and ransomware expert at security firm Emsisoft, told TechCrunch.