Ransomware, Content

Cognizant Maze Ransomware Attack, Recovery: 10 Status Updates, Learnings

Cognizant believes it has contained a Maze ransomware attack that hit the MSP and IT consulting firm in late April 2020, according to a first quarter earnings statement released May 7, 2020. Still, the attack will impact Cognizant's Q2 2020 revenue, and there may be additional financial implications thereafter, the company indicated.

Cognizant CEO Brian Humphries
Cognizant CEO Brian Humphries

Cognizant in April 2020 disclosed that the attack may impact company revenues.  During a May 7 earnings call, Cognizant CEO Brian Humphries and CFO Karen McLoughlin provided additional details about the attack. MSSP Alert has paraphrased the comments and company updates in these 10 points.

1. Ransomware Attack Costs (So Far): The attack will cost Cognizant about $50 million to $70 million in lost revenue and margin for Q2, 2020. Additionally, the company expects to incur certain legal, consulting and other costs associated with the investigation, service restoration and remediation of the breach.

2. Executive Efforts: Cognizant mobilized its entire leadership team when the attack was discovered in April. The company also notified law enforcement agencies at that time.

3. Hundreds of Customer Communications: Communications with clients were transparent from the start. The effort included "hundreds" of individual client calls with Cognizant's security organization, cyber experts and executive team; along with two client conference calls in April.

4. Indicators of Compromise: Cognizant proactively provided clients with Indicators of Compromise (IOC). Customers can use the forensic data to identify potentially malicious activity and defend against attacks from external actors.

5. Latest Conference Calls - Attack Contained: Early in the week of May 4, Cognizant held a third conference call with customers to confirm the attack's containment.

6. Ransomware Attack's Financial Impact: The ransomware attack will negatively impact Cognizant's Q2 results for two reasons. First, the attack encrypted some of the IT consulting firm's internal systems, effectively disabling them, and Cognizant proactively took other systems offline. The disruption impacted work-from-home enablement such as VDI and the provisioning of WFH laptops. Second, some clients opted to suspend Cognizant's access to their networks. Billing was therefore impacted for a period of time, yet the cost of staffing those projects remained on Cognizant's books.

7. Work From Home: The WFH issues have now largely been addressed.

8. Regaining Customer Network Trust: Cognizant has "meaningfully progressed in addressing the concerns of clients that have suspended our access to their networks. We expect to substantially complete this by the end of the month," Humphries said.

9. Financial Impact - Timing: Most of the ransomware attack's impact on revenue and margin will occur in the second quarter. However, ongoing remediation costs will continue through subsequent quarters. Cognizant plans to disclose the financial impact on a quarterly basis to ensure visibility.

10. Lessons Learned: Cognizant is applying learnings from the attack to further harden its network.

Cognizant Q1 2020 Financial Results

For its Q1 2020, Cognizant says:

  • Revenue was $4.2 billion, up 2.8% from the year-ago quarter, including a negative 50 basis points impact from the exit of certain content services business.
  • Net income was $367 million compared to $441 million in the year-ago quarter.
Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.