IT services firm Cognizant hit with Maze ransomware

Forensic data suggests that Maze infrastructure was used in the attack.

Cognizant, a multibillion-dollar IT services company with clients in the banking and oil and gas industries, said Saturday its computer systems had been disrupted by Maze ransomware, a strain of malicious code that has been used in cyberattacks in the U.S. and Europe in recent months.

“Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident,” the New Jersey-based company said in a statement. “Cognizant has also engaged with the appropriate law enforcement authorities.”

A Fortune 500 company with over a quarter of a million employees worldwide, Cognizant possesses a wealth of data that would make it a target of hackers. Cognizant’s software and consulting services are used by major pharmaceutical firms and restaurant chains, according to its website.

Earlier this week, the company had notified clients of the incident and shared “indicators of compromise” — forensic data such as IP addresses and malicious files — so that they could defend against the malicious activity. The attack caused “service disruptions for some of our clients,” the company said.


“The integrity and availability of our systems are of paramount importance to Cognizant and we are working diligently to minimize any disruptions,” a company spokesperson told CyberScoop earlier on Saturday.

One of the malware samples that Cognizant shared with clients is detected by multiple anti-virus products as Maze ransomware. Hackers affiliated with Maze reportedly denied involvement in the attack to Bleeping Computer, but the forensic data suggests that Maze infrastructure was used in the attack. Nearly all of the malicious IP addresses reported by Cognizant have been previously used by hackers to deploy the Maze ransomware, according to advisories from the Department of Homeland Security and the FBI.

The hackers behind Maze gained notoriety last year by stealing sensitive data from victims, encrypting it, and threatening to publish the information if they aren’t paid a ransom, leading the FBI to privately warn U.S. companies about the threat in December. A spate of malicious Maze activity has continued since then.

The cyberattack on Cognizant is the latest sign that ransomware gangs are not holding off on targeting companies amid the novel coronavirus pandemic.

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
