The recent Maze ransomware attack on Cognizant Technology Solutions hurt the company's revenues and corresponding margins by $50 - $70 million approx. ₹377.52 Crores - ₹528.52 Crores.Cognizant believes it has contained a Maze ransomware attack in late April 2020, according to a first quarter earnings statement released May 7, 2020. Still, the attack will impact Cognizant’s Q2 2020 revenue, and there may be additional financial implications thereafter, the company indicated.
Cognizant’s first-quarter earnings were in the green, up by 3.5% in constant currency terms, but the shadow of the Maze ransomware attack on the company’s network still looms large. “We do anticipate the revenue and corresponding margin impact to be in the range of $50 to $70 million for the quarter [Q2],” said Cognizant’s Chief Financial Officer (CFO) Karen McLoughlin during the earnings call.“With the ransomware attack now contained… We are now substantially work from enabled,” added CEO Brian Humphries explaining that the vast majority of revenue impact will only be reflected in the next quarter’s earnings and continue to bear down in the coming year. “[The] ongoing remediation cost will institute through subsequent quarters,” he said.The issue with ransomware attacks, in comparison to other malware, is that the impact goes beyond mere monetary compensation. The company’s reputation takes a hit, clients back out and there’s a huge opportunity cost while security experts try to get systems back online. “We expect to incur certain legal, consulting and other costs associated with the investigation, service restoration and remediation of the breach,” explained McLoughlin.Cognizant isn’t the only company to get hit by Maze ransomware. The malicious software has been blamed for extorting a number of large organisations in the past year. However, the attack on Cognizant is likely the most prolific till date. “Unlike its predecessors, the group behind Maze ransomware delivered on its promises in late 2019 — more than once,” said global cybersecurity company Kaspersky.For instance, in November, when Allied Universal refused to pay up, the criminals leaked 700MB of internal data online including contracts, termination agreements, digital certificates, and more. The blackmailers said they had published just 10% of what they had stolen and threatened to make the rest available publicly if the target did not cooperate.For an IT services company like Cognizant, there’s a ripple effect that goes beyond simply paying the ransom. In addition to locking the company’s files behind a bitcoin paywall — sensitive information was stolen like targets for mergers and acquisitions, profit and loss reports, as well as medical records.“Ransomware attacks often rely on victims making a few basic mistakes that are often quite uncomfortable to confront,” explains Paul Ducklin, the Principal Research Scientist at Sophos. And, as is the case with most blackmail, paying the blackmailers doesn’t necessarily ensure that information won’t be leaked.All you have is a pinky promise from a bad-faith actor that they will keep their word — and Cognizant’s clients seemed to be aware of this little complication. “Some clients opted to suspend access to their networks. Billing was therefore impacted for a period of time, yet the cost of staffing projects remained on our books,” said Humphries.The approach that hackers take is called ‘steal, lock and inform’ because they understand the impact this will have on the company’s reputation. “The attack encrypted some of the internal systems, effectively defaming them and we proactively took other systems offline,” added Humphries.There’s no reset button, there’s no way to get the information back and it takes time to determine how much data has been lost since attackers erase any directories or back-ups a company may have in place. “Backing up data is just a hygiene step that needs to be taken by every data storing facility mandatorily, however it is not enough,” said Saurabh Sharma, a Senior Security Researcher for Kaspersky.