IT giant Cognizant Technology Solutions Corp. On Saturday, he confirmed that he was the victim of the Maze Ransomware Cyber Attack, which led to disruptions to its customer service.
“Cognizant can confirm that a security incident related to our internal systems and leading to interruptions in the service of some of our customers is the result of an attack on Maze ransomware,” Cognizant wrote in a press blog with approximately 3,000,000 or more 15 billion dollars. income.
The company said it had informed all of its customers about the attack and that it was taking steps to contain the incident. However, Cognizant does not disclose the number of client systems affected by the attack.
“Our internal security teams, complemented by large cyber defense companies, are actively taking steps to contain this incident. Cognizant also committed itself to law enforcement agencies, ”the company added.
“We are in constant contact with our customers and have provided them with compromise indicators (IOC) and other technical information to protect.”
High alert related to the yet another ransomware attack perpetrated by the Maze group possibly affecting @Cognizant.
Reviewing & mitigating against the usual Maze TTPs (including RDP + remote services as an attack vector) is advisable.
— Vitali Kremez (@VK_Intel) April 18, 2020
The main goal of any malicious ransomware attack is to encrypt all files in the infected system and then require high fees to recover files.
However, in the case of Maze, this does not look like a typical ransomware encryption ransomware. First, it sends data to the attacker’s servers, then it saves the stolen data for ransom, and if the target companies do not pay, it publishes the information on the Internet.
Although Cognizant blames Maze Ransomware for its press blog, the Maze-related website has not yet published Cognizant data.
According to a report, the IOCs listed included server IP addresses and file hashes for the kepstl32.dll, memes.tmp, and maze.dll files, which are known to have been used in previous attacks. Ransomware Maze.
However, maze related hackers denied responsibility for the cyber attack in a BleepingComputer statement. According to the site, Maze is unlikely to discuss cyberattacks to avoid complications at this early stage.
According to several media reports, the city of Pensacola in Florida, the cybersecurity insurance provider Chubb Ltd. and Canadian construction company Bird Construction Inc. were the intended goals of Maze ransomware.