CTS Hacked  – IT Service Giant Cognizant Hit With Ransomware Cyber Attack

Threat actors behind the Maze ransomware have attacked the well-known IT service giant, Cognizant Technology Solutions and the attack caused major service disruptions to its clients.

CTS is operated with more than 300,000 employees with several operations including digital, technology, consulting, and operations services.

However, the IT service provider also announced that they are exerting various measures to check every detail of the incident, with the cooperation of cyber defense companies, and they have also consulted with law enforcement authorities as well. 

The attack potentially resulting in a loss of revenue and incremental costs that negatively impact the company’s financial results.

The report from McAfee said that the hackers who attempted to order the Maze and threaten to deliver data on the internet if the targeted firms fail to pay the demanded ransom. 

They also added that its internal security teams, furnished by one of the leading cyber defense firms, who are continuously exerting different steps to accommodate this conflict.

Maze Ransomware Attack

Maze ransomware has a history of attacking the targeted organizations and lock down the files of the system and then charge massive returns to collect them. However, in Ransomware, the victims are demanded to pay a ransom if they wanted to get access that the hacker has stolen by using logs of their systems via forced encryption of data.

Attackers targeted the Cognizant’s internal system to lock down the computers and demand the ransom to unlock their locked systems.

it’s unclear how did attackers infect the internal system and gained access. the expert believes that the attack might be initiated using the malspam emails and trick employees to execution on the internal computers.

However, now let’s get back to the point, the internal security team of the Cognizant Technology Solutions Corp has stated that they have continuous contact with their clients and have implemented them by Indicators of Compromise (IOC) and additional technical information of a protective quality.

https://twitter.com/underthebreach/status/1251605359409664005

Not only this, but the CEO of the company Brian Humphries also drafted to all employees that this target is mainly done for Ransomware, which occurs at the top of exceptional COVID-19 calls that all of us are now dealing with.

CTS CEO Brain Humphries said that the attack was completely targeted and they have no evidence that the ransomware was impacted the system that is propagating to the client environment and also he stated that they are still in the earlier stage of responding to this attack.

According to the report of the various media channels, the claimed targets of Maze have covered the city of Pensacola in Florida, cybersecurity insurance provider Chubb Ltd. and Canadian architecture company Bird Construction Inc. Moreover, the Maze group also claimed to publish the files from all three organizations on its website.

After all this investigation, the Federal Bureau of Investigation on January declared an alert warning to the U.S companies regarding various measures of Maze that they have been using the threats to release all sorts of information of the company.

We have tried to reach CTS for further details of the attack, Ransom demand and how many systems were infected, but we didn’t receive any response from them.

The company has informed their “clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature”.

So, what do you think about this? Simply share all your views and thoughts in the comment section below.

Also Read: Most Ransomware attacks take place in the night or during weekends

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.