New Jersey IT service provider Cognizant has confirmed that it is the latest victim of the Maze ransomware.
The infection was revealed to the public this weekend. Cognizant has stated that the malware outbreak will likely disrupt service for some of its customers, and may also endanger them.
Maze is unusual among ransomware strains in that it not only encrypts data on infected Windows machines but also siphons off copies of the originals. This gives the malware's masterminds extra leverage: if the ransom is not paid, confidential corporate data can be leaked or sold online. It is feared that Maze may have spread to Cognizant's customers via the US service provider and, if that happened, those customers' documents could have been stolen and scrambled.
“Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our customers, is the result of a Maze ransomware attack,” said the announcement.
“Our internal security teams, complemented by leading cyber defense companies, are actively taking action to contain this incident. Cognizant has also engaged with law enforcement officials.”
In an update on Sunday, a rather disturbing warning was sent to customers: “We are in constant communication with our customers and have provided them with Compromise Indicators (IOCs) and other defensive technical information,” said Cognizant.
Cognizant provides on-site and cloud-hosted IT services for businesses as well as consulting gigs. The biz has high-value customers in areas such as banking, healthcare and manufacturing, and it is listed in the Fortune 500, so any large-scale attack on its systems is potentially serious.
The miscreants behind Maze may not be the ones who actually compromised the Cognizant network. The breach monitoring service Under the Breach claims its team spotted someone selling access to an unnamed “major IT vendor” for $200,000 about a week before the intrusion was revealed, which led it to speculate that the Maze crew had purchased access to Cognizant systems from another hacker who had done the work of breaking into the network.
Disclosing data when demands are not met is a ransomware gang strategy that poses a new threat to organizations that would otherwise simply wipe ransomware-infected devices and restore from backups without paying the ransom.
In addition, the Maze ransomware is particularly well written and difficult to counter with technical means.
“Maze is ransomware created by qualified developers,” said McAfee in its examination of the code. “It uses many tricks to make the analysis very complex by disabling disassemblers and using pseudocode plugins.” ®