US technology and digital transformation giant Cognizant, which works with most of the world’s leading brands, has been pummelled by a ransomware attack which is causing major disruption to its operations.
The company’s client list reads like a who’s who of top firms, including Axa, BMW, Burger King, Pfizer, GlaxoSmithKiline, Etihad Airways, Johnson & Johnson, Novartis, and JP Morgan Chase, most of whom are already suffering from the coronavirus meltdown.
In a statement, Cognizant said: “We can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack.
“Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident. Cognizant has also engaged with the appropriate law enforcement authorities.
“We are in ongoing communication with our clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature.”
It is not known how much money the Maze operators are demanding, although in December last year the group published a subset of data stolen from US manufacturer Southwire after it refused to cough up their $6m ransom.
Last month, the same group claimed that they had attacked insurance giant Chubb in March and had stolen a large amount of personally identifiable information from its systems.
The emergence of ransomware as a major cyber threat began in 2017 when the WannaCry attack hit businesses and institutions on a global scale, including the NHS, Telephonica and FedEx. Within weeks, the “NotPetya” attack took down WPP, TNT Express, Reckitt Benkiser, Mondelez International, Maersk and number of Ukrainian firms. Many have since revealed the attack has cost them hundreds of millions of pounds.
Soon after, a study commissioned by security firm Sophos revealed that nearly half of all UK tech bosses were prepared to pay a ransom fee to hackers to avoid reporting a data breach and risking a fine under GDPR, despite the potential reputational and financial damage such actions would incur.
Some 47% of UK IT directors said they would “definitely” be willing to pay a ransom, while a further 30% said they would “possibly” consider paying off criminals if the ransom was lower than the GDPR fine; just one in five (18%) respondents completely ruled out paying their attackers.
Half of UK firms would pay ransom to avoid GDPR fine
Over 40% of firms suffered cyber breach in past year
Firms warned over new wave of nefarious cyber attacks
TNT Express rocked as cyber attack wipes out $300m
WPP hit as new ransomware attack wreaks global havoc
UK firms ‘leaving themselves wide open to ransomware’
FA signs up Cognizant to kick off digital transformation