Cognizant is working with cyber defense firms and law enforcement to investigate the attack, disclosed April 17.

Dark Reading Staff, Dark Reading

April 21, 2020

1 Min Read

Cognizant, a major provider of IT services, confirmed late last week it was the victim of a Maze ransomware attack that caused service disruption for some of its clients.

The company began to alert clients to the incident on Friday, April 17, informing them they had been compromised and providing an early list of the indicators of compromise (IoCs) and technical information found in its investigation so far. This gave client companies intel they could use to monitor their systems for malicious activity and add more protections if necessary.

Some IoCs they discovered included IP addresses of servers and file hashes for the kepstl32.dll, memes.tmp, and maze.dll files, which have been used by Maze operators, BleepingComputer reports.

"Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident," Cognizant officials wrote in a statement, which confirms that Maze is responsible. "Cognizant has also engaged with the appropriate law enforcement authorities."

Read more details here.

_OMDIA_LOGO_Endorsement_Black.png

A listing of free products and services compiled for Dark Reading by Omdia analysts to help meet the challenges of COVID-19. 

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights