By Clare O’Gara
Mon | Apr 20, 2020 | 5:30 AM PDT

Cognizant is the world's largest IT managed services firm. Which means it can boast some big numbers—namely $15 billion in sales and 300,000 employees.

So what happens when a firm this big experiences a ransomware attack?

On Friday, April 17, Cognizant found out.

What happened in the Cognizant ransomware attack?

The day after the attack, the firm announced the incident in a press release. Cognizant was light on details, but explained this much:

"We can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack."

It also assured clients that communication was a major priority:

"We are in ongoing communication with our clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature."

Cognizant didn't go into public details about what these "Indicators of Compromise" are, but perhaps you have already seen them.

Uncovering timing details of Cognizant ransomware attack

As it turns out, "Casual Friday" is more than a favorite day of the week for employees; it's also critical for hackers.

Vitali Kremez, a security researcher with the Twitter handle @VK_Intel, explained why these attacks tend to happen on Fridays:

[Image: maze-ransomware-tweet3]

He also alerted many about the Maze group attack against Cognizant:

[Image: maze-ransomware-tweet]

He shared the kind of ransom note that Maze is leaving behind. The message threatens to leak information if the ransom goes unpaid.

[Image: maze-ransomware-tweet2]

The note threatens a repeat of the type of thing that happened to Southwire. Read about the Maze extortion attempt against Southwire that led it to sue "John Doe" hacker.

Maze ransomware is nuclear ransomware

Maze ransomware represents the evolution of ransomware to what some are calling nuclear ransomware.

What is nuclear ransomware? SecureWorld spoke to Roger Grimes of security awareness firm KnowBe4 about this targeted, painful process designed to get hackers more money:

"They are going to determine your company's crown jewels and take it. And then if you decide you're not going to pay the ransom right away, they're going on either your website or a public website or blog they've set up and saying we have the data.

We have this much data and this much information, it has customer data, employee data, we have everybody's passwords. And if you don't pay up, we're willing to release this because that company, because Roger Grimes, Roger Grimes Incorporated, is not paying the ransom. We're going to release all the data and give it to his competitors very publicly."

Grimes discussed this new style of nuclear ransomware attack in great detail during a SecureWorld web conference, which is available now on demand: Now that Ransomware Has Gone Nuclear, How Can You Avoid Becoming the Next Victim?

It is now more critical than ever that you take steps to protect your organization from nuclear ransomware. The stakes have never been higher.
