Cognizant discloses Maze ransomware attack

Maze ransomware claimed yet another victim.

IT services giant Cognizant was attacked by the Maze ransomware gang, the company confirmed Saturday. It's unclear whether Cognizant alone was compromised or if the company's clients were also affected by the attack.

"Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack," the Fortune 500 IT services firm said in its released statement. "Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident. Cognizant has also engaged with the appropriate law enforcement authorities."

Bleeping Computer reported Friday that Cognizant had emailed clients alerting them about the attack; the email alerts included preliminary indicators of compromise that customers could use to detect Maze threat actors in their environments. In its statement, Cognizant said it is "in ongoing communication with our clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature."

The Maze ransomware gang was first discovered in May 2019, and quickly became known for its tendency to release a victim's files onto the internet if said victim does not pay the ransom. The group has attacked a number of organizations in recent months, but Cognizant, which generated $16.8 billion in revenue last year, may represent its biggest victim yet.

Ransomware attacks on managed service providers and remote IT service providers have increased in recent years; threat actors have compromised MSPs and IT service providers and then used the remote access to further infect their clients.

SearchSecurity asked Cognizant if there was any indication that clients were also breached or attacked by Maze and had not received a response at press time.