When you experience a breach, time is crucial. Our 24/7 Security Operations Center responds immediately with precision to eliminate the threat and restore operations.
ShadowSpear® is an unparalleled resource that defends your organizations against advanced cyber threats and attacks 24/7/365.
Your organization has cybersecurity weaknesses and vulnerabilities you don’t yet even know about. They need to be found and found immediately. If you don’t someone else will.
The Managed Service Provider (MSP) Cognizant, located in Teaneck, New Jersey, was the victim of a recent ransomware attack presumed to be carried out by the ransomware group, Maze. After this attack, Cognizant had to frantically notify their clients to disconnect from the network to avoid any further damage. Immediate disconnection from the IT powerhouse was the only surefire way to stop the spread of ransomware throughout the environment.
Cognizant warned employees and clients important personal information such as Social Security Numbers, Financial Data, and Driver’s Licenses may have been stolen between April 9 and 11. These cybercriminals are known to use extortion to steal your data and then release that data if the company does not pay the ransom. And of course, encrypting your data prior to leaving the environment to hide tracks the best they can and force your company, or in this case, the companies being managed, to pay the ransom.
The typical way Maze will get into an environment is either through an open remote desktop or vulnerability on the perimeter of your environment, this was not confirmed how Cognizant’s client environment was originally compromised. Once they were inside Cognizant’s systems, they then exfiltrated data before ultimately encrypting. Maze is an especially dangerous group when it comes to information publishing. As time goes by, and the ransom is not paid, they release more of the exfiltrated information to their sites. This extortion tactic is exploited by Maze as they try to shame their victims into payment as quickly as they can.
Be wary of the access your company gives to third-party MSPs and practice what a third-party compromise could mean for your environment. It only takes one breach before your data is being published and held for ransom. Based on SpearTip threat intelligence this company does not publish data from companies who pay the ransom, but each incident is unique and paying or not paying a ransom should always be evaluated.
This attack shows anyone is vulnerable. An IT company with a great track record can have its reputation dismantled in just a few days. It is important you are aware of what can happen and consult an unbiased cybersecurity firm like SpearTip before it’s too late. SpearTip’s cybersecurity experts can protect you from ransomware attacks but, most importantly, protect your brand’s reputation.
Make sure your organization is protected from ransomware attacks like this and stay ahead of the curve. SpearTip’s ShadowSpear® platform is a deliberate prevention program and a great tool to use before your environment is compromised.
To learn more about ShadowSpear®, visit Speartip.com.
24/7 Breach Response: 833.997.7327
Identify, neutralize, and counter cyberattacks - provide confidence in your security posture
24/7 Breach Response: US/CAN: 833.997.7327
Main Office: 800.236.6550
1714 Deer Tracks Trail, Suite 150
St. Louis, MO 63131
©2024 SpearTip, LLC. All rights reserved.