COVID-19 forced the lockdown across the world and forced many businesses to allow remote working during the lockdowns. This created an opportunity for the dark web actors to get into the action. There has been an increase in cyberattacks ranging from phishing scams to ransomware attacks.
Leading IT services provider Cognizant was recently targeted by a ransomware attack. The company confirmed a security incident involving their internal systems, leading to disruption of services for some clients due to Maze ransomware attack.
The ransomware attack has caused and may continue to cause an interruption in parts of Cognizant’s business, potentially resulting in a loss of revenue and incremental costs that negatively impact the company’s financial results, according to a filing by the U.S. Securities and Exchange Commission (SEC)
Also known as ChaCha ransomware, Maze was discovered in May 2019. Maze is a particularly nasty threat because its operators often use a tactic which has been called “double extortion,” where they threaten to leak compromised data or use it in future spam attacks, if ransom demands aren’t met. The Maze ransomware is part of a emerging ransomware series, which steal data before encrypting it and threatens to release this stolen data if the victim organisation does not pay.
Though Maze ransomware organization has denied its involvement in the attack, security experts don’t seem convinced. “The ransomware has still been categorized as Maze because the listed indicators included IP addresses of servers and file hashes.
The Maze ransomware historically relied on exploit kits, remote desktop connections with weak passwords or email impersonation to gain access to a user’s system.Cognizant is not the first company to be infected by the Maze Ransomeware, before Cognizant the maze ransomeware techniques were applied on Cyber Insurance Giant Chubb, Allied Universal and MDLab.