US services giant Cognizant latest MSP to be hit by ransomware

MSP targeted by Maze ransomeware which threatens to publish company's stolen files online

US IT services giant Cognizant was the victim of a ransomware attack last week which caused disruption to customers, the firm has said.

The attack happened on Friday night and the company immediately emailed customers about the attack, purported to be by the organisers of the Maze ransomware site, according to computing site BleepingComputer, which broke the news.

Publicly-listed Cognizant counts Dell, Microsoft, Cisco and Nutanix among its vendor partners, has a headcount of around 300,000 and last year posted revenues of $16.8bn. Last week it withdrew its guidance for 2020 due to the ongoing pandemic.

It is the latest channel player to be hit by ransomware attacks. Last year Kaseya and Connectwise saw a vulnerability exploited in an integrated plug-in. This was followed by attacks on NTT subsidiary Everis - one of the largest managed service providers in Spain - as well as Webroot.

"Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack," the firm said in a statement.

"Our internal security teams, supplemented by leading cyber defence firms, are actively taking steps to contain this incident. Cognizant has also engaged with the appropriate law enforcement authorities.

"We are in ongoing communication with our clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature."

Maze ransomware's unique characteristic is that once a target's network has been encrypted and infected, the target is given time to pay the ransomware and if it does not, the hackers publish the stolen information online.

The hackers behind the Maze website denied being responsible for the attack on the US firm when contacted by BleepingComputer.