Caleb Boma | June 18th, 2020

The Managed Service Provider (MSP) Cognizant, located in Teaneck, New Jersey, was the victim of a recent ransomware attack presumed to be carried out by the ransomware group, Maze. After this attack, Cognizant had to frantically notify their clients to disconnect from the network to avoid any further damage. Immediate disconnection form the IT powerhouse was the only surefire way to stop the spread of ransomware throughout the environment.

Cognizant warned employees and clients important personal information such as, Social Security Numbers, Financial Data, and Driver’s Licenses may have been stolen between April 9 and 11. These cybercriminals are known to use extortion to steal your data and then release that data if the company does not pay the ransom.  And of course encrypting your data prior to leaving the environment to hide tracks the best they can and force your company, or in this case the companies being managed, to pay the ransom.

The typical way Maze will get into an environment is either through an open remote desktop or vulnerability on the perimeter of your environment, this was not confirmed how Cognizant’s client environment was originally compromised. Once they were inside Cognizant’s systems, they then exfiltrated data before ultimately encrypting. Maze is an especially dangerous group when it comes to information publishing. As time goes by, and ransom is not paid, they release more of the exfiltrated information to their sites. This extortion tactic is exploited by Maze as they try to shame their victims into payment as quickly as they can.

Be wary of the access your company gives to third party MSP’s and practice what a third-party compromise could mean for your environment. It only takes one breach before your data is being published and held for ransom. Based on SpearTip threat intelligence this company does not publish data from companies who pay the ransom, but each incident is unique and paying or not paying a ransom should always be evaluated.

This attack shows anyone is vulnerable. An IT company with a great track record can have their reputation dismantled in just a few days. It is important you are aware of what can happen and consult an unbiased cybersecurity firm like SpearTip before it’s too late. SpearTip’s cybersecurity experts can protect you from ransomware attacks but, most importantly, protect your brand’s reputation.

Make sure your organization is protected from ransomware attacks like this and stay ahead of the curve. SpearTip’s ShadowSpear® platform is a deliberate prevention program and a great tool to use before your environment is compromised. 

To learn more about ShadowSpear®, visit

24/7 Breach Response: 833.997.7327