Bad news: Cognizant hit by ransomware Maze, which leaks customers’ data online after non-payment

New Jersey IT services provider Cognizant has confirmed it is the latest victim of the Maze ransomware.

The infection was disclosed to the public this weekend. Cognizant said the malware outbreak will likely disrupt service for some of its customers, and possibly put them in danger as well.

Maze is unusual among ransomware strains in that it not only encrypts the data on infected Windows machines, it siphons off copies of the originals as well. This gives the malware’s masterminds extra leverage – don’t pay the ransom and confidential corporate data can be leaked or sold online. It is feared Maze may have infected Cognizant’s customers, via the US service provider, and if that did happen, those clients’ documents may have been stolen as well as scrambled.

“Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack,” the announcement read.

“Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident. Cognizant has also engaged with the appropriate law enforcement authorities.”

An update on Sunday included a rather ominous warning for customers: “We are in ongoing communication with our clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature,” Cognizant said.

Cognizant provides on-premises and cloud-hosted IT services for companies as well as consultancy gigs. The biz has high-value customers in areas such as banking, health care, and manufacturing, and it is ranked in the Fortune 500, so any large-scale attack on its systems is potentially serious.

Source: Bad news: Cognizant hit by ransomware gang. Worse: It’s Maze, which leaks victims’ data online after non-payment • The Register