The IT services provider confirmed on April 18 that it had fallen victim to a ransomware attack perpetrated by the threat group Maze. According to Bleeping Computer, the emails sent out by Cognizant to its clients included a “preliminary list of indicators of compromise identified through our investigation”, and IP addresses of servers, among other things. Services to some of the company's clients have been affected by the incident. According to a report by BleepingComputer , the listed IOCs included IP addresses of servers and file hashes for the kepstl32.dll, memes.tmp, and maze.dll files, which are known to be used in previous attacks by the Maze ransomware actors. Cognizant confirmed that "the appropriate law enforcement authorities" had been made aware of the incident. MediaNama is the premier source of information and analysis on Technology Policy in India. The report speculates the presence of Maze operators in Cognizant’s severs for weeks, and that if it was Maze, they usually steal unencrypted files before encrypting them. Systems Admin Arrested for Hacking Former Employer, Judge Signs Off on $7.75m Equifax Settlement, Supply Chain Cybersecurity: What You Need to Consider, #SecTorCa: How One Malicious Message Could Exploit an Enterprise, Maze Group Wages Ransomware Attack on Cognizant, Cognizant: Ransomware Costs Could Reach $70m, MAZE Attacks Victoria Beckham's Advisory Firm, Pitney Bowes Hit by Ransomware for Second Time. Maze operators use RSA-2048 and ChaCha20 encryption and require the victim to contact the threat actor by email for the decryption key. Cognizant, Cybersecurity, Data Breach. Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security, © Copyright footer_current_date - Cybersecurity Insiders. Sign up for the free newsletter! The ad was posted on April 11 and removed the day before the ransomware attack on Cognizant. Note 1- Maze Ransomware is a typical file-encrypting malware that not only locks down the data until a ransom is paid. Cognizant which is known to provide IT services to multinational companies across the world have admitted that its internal systems witnessed disruption just before the weekend due to Maze Ransomware. “Maze ransomware operators are known to conduct their attack below the surface and have a reputation of stealing the data first before locking their target systems. Services to some of the company's clients have been affected by the incident. By continuing to use this website, you agree to their use. "Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident.". Cognizant which has over 300,000 employees and manages $15 billion revenues are seen as the backbone of several fortune 500 companies. Cognizant which has over 300,000 employees and manages $15 billion revenues are seen as the backbone of several fortune 500 companies.