As per a tweet from Vitali Kremez:
High alert related to yet another ransomware attack perpetrated by the Maze group possibly affecting @Cognizant.
Reviewing & mitigating against the usual Maze TTPs (including RDP + remote services as an attack vector) is advisable.
Pushed #YARA https://github.com/k-vitali/Malware-Misc-RE/blob/master/2020-04-18-maze-ransomware-unpacked-payload.vk.yar …
Mumbai: IT services provider Cognizant's revenue may be impacted by the Maze ransomware attack last week, the company said in a disclosure made to the US Securities and Exchange Commission.
“Although we are in the early stages of assessing this incident, the attack has caused and may continue to cause an interruption in parts of our business and may result in a loss of revenue and incremental costs that may adversely impact our financial results,” the company said in a filing.
Cognizant has confirmed that a Friday evening Maze ransomware attack has disrupted its systems.
IT services giant Cognizant said that it has been hit by the Maze ransomware group in a cyberattack that has caused service disruptions.
Cognizant, a Fortune 500 company that employs close to 300,000 people, said that it is providing customers with indicators of compromise (IoCs) and other technical details of the attack, which first started on Friday. Public details about how the company was attacked, and which services are disrupted, are scant. Threatpost has reached out for further comment.
“Our internal security teams, supplemented by leading cyber-defense firms, are actively taking steps to contain this incident,” the company said in a statement on its website. “Cognizant has also engaged with the appropriate law enforcement authorities.”
Maze operators in an interview with Bleeping Computer, which first reported the ransomware attack, denied any association with the attack. However, according to the news outlet, Maze has historically been reserved in discussing their association with cyberattacks.
According to Bleeping Computer’s report, the listed IoCs that Cognizant provided to customers include the IP addresses of servers associated with the kepstl32.dll, memes.tmp and maze.dll files, which are known to have been used previously in Maze ransomware attacks.
Check for more detail: https://threatpost.com/maze-ransomware-cognizant/154957/
With the insidious Maze ransomware, victims can no longer hit “reset” on their backup and recovery systems and ignore the criminal’s demand for cash because the virus exports the victim’s data to the attacker, giving cybercriminals a great deal of leverage, security analysts told CRN.
“Ransomware attacks used to be about encrypting the victim’s data,” said Brett Callow, a threat analyst with Emsisoft, a New Zealand-based maker of anti-malware and anti-virus software. “They now steal a copy of it as well. That trend was started by Maze at the tail end of last year, but multiple other groups have now hopped on that bandwagon. If the victims do not pay, they publish the data.”
Solution provider Cognizant was hit over the weekend by Maze, which not only attacked the $16 billion company, but also some of its customers. Cognizant said its own internal security force was augmented by outside security contractors. The company said it has also contacted federal authorities. On Monday, a spokesman for Cognizant said the company had no statement beyond what the firm released on Saturday.
“It’s a very bad state of affairs for the victims,” Callow said. “A company that is attacked in this way really has no good options available to it. If they don’t pay the ransom their data will almost certainly be published. If they do pay, all they’ll get is a pinky promise from the criminals that the data won’t be used, but why would a criminal enterprise ever delete data that they may be able to monetize?”
Victims not only have to fear the exposure of sensitive internal documents to the public as well as to competitors, but fines from the government if the data that is exposed contains personally identifiable information. That exposure is significant in the case of Cognizant, which has 295,000 employees and operates in 37 countries. Cognizant works in several industries with protection requirements around data. Information in the company's network is subject to General Data Protection Regulation (GDPR), California’s Consumer Privacy Act, HIPAA, and others, according to Cognizant's 10-K filing.
Check for more information: https://www.crn.com/news/channel-programs/cognizant-left-with-no-good-options-after-maze-attack-security-expert