A couple of months ago, IT service giant Cognizant revealed that it was the victim of a severe ransomware incident. Now, experts from a cyber security course mention that the company also suffered a significant unencrypted data breach as a result of the encryption malware attack.
Cognizant is one of the world’s leading cybersecurity firms with nearly 300,000 employees, generating nearly $15 billion USD in revenue.
In mid-April, Cognizant began notifying its customers about the Maze infection, a dangerous variant of ransomware. For security, the company recommended users disconnect from the service and implement some additional measures.
According to the experts of the cyber security course, the email received by the company’s customers also included some compromise indicators, such as IP addresses linked to Maze operators, as well as hashes for the kepstl32.dll, memes.tmp and maze.dll files. This data was collected in previous Maze attacks.
The incidents were reported to the California Attorney General’s Office. In the reports, Cognizant claims that the operators of the attack were active on the compromised network between April 9 and 11, during which time they would have extracted a limited amount of data from the company’s systems.
Cyber security course specialists point out that Maze operators are characterized by the theft of sensitive information before they begin encrypting the data of the attacked companies. Subsequently, attackers publish this information on hacking forums as a way to pressure victims and force the ransom payment.
The company warns that multiple confidential details (such as SSN, tax ID, financial details and even passports) of users were compromised during the incident: “We have determined that the personal information involved in this incident included your name and one or more of: your Social Security number and/or some other tax identification number, financial account information, driver’s license information, and even passport information.”
As part of its incident response process, the company is offering affected users one year of e-fraud protection and one-year identity theft services, plus the incident continues to be investigated. Regarding the employees of the company who may have been affected, Cognizant will issue new internal guidelines shortly.
For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.