In a series of data breach notifications, IT services giant Cognizant has stated that unencrypted data was most likely accessed and stolen during an April Maze Ransomware attack. Cognizant is one of the largest IT managed services companies in the world, with close to 300,000 employees and over $15 billion in revenue. As a managed service provider (MSP), Cognizant remotely manages many of its clients to fix issues, install patches, and monitor their security.
On April 17th, Cognizant began emailing its clients to warn them that it was under attack by the Maze Ransomware, so that they could disconnect themselves from Cognizant and protect themselves from possibly being affected. This email also contained indicators of compromise that included IP addresses utilized by Maze and file hashes for the kepstl32.dll, memes.tmp, and maze.dll files. These IP addresses and files are known to have been used in previous attacks by the Maze ransomware actors. While Cognizant stated that it was an attack by Maze, the Maze operators told BleepingComputer at the time that they weren’t behind the attack.
Source: Bleeping Computer