Cognizant confirms data breach after Maze ransomware attack


Level 37
Feb 4, 2016
Unencrypted data most likely were stolen

In two data breach notification letters [1, 2] filed with the Office of the Attorney General of California, Cognizant states that the Maze Ransomware operators were active on Cognizant's network between April 9th and the 11th.

During the time they had access, they "likely exfiltrated a limited amount of data from Cognizant’s systems."
Before deploying ransomware and encrypting devices, the Maze Ransomware operators will first spread laterally through the network and steal unencrypted files.

These stolen files are then used as an extortion tactic by threatening to publicly release the data on the Maze data leak site if the victim does not pay the ransom.