- Cognizant first-quarter earnings were in the green but worst is yet to come with the full impact of the ransomware attack on its systems to be reflected in the coming quarters.
- Management explained that there are multiple costs — including legal and consulting — associated with the investigation.
- Even now, Cognizant expects that it will take at least until the end of the month to completely restore its systems.
“With the ransomware attack now contained… We are now substantially work from enabled,” added CEO Brian Humphries explaining that the vast majority of revenue impact will only be reflected in the next quarter’s earnings and continue to bear down in the coming year. “[The] ongoing remediation cost will institute through subsequent quarters,” he said.
The issue with ransomware attacks, in comparison to other malware, is that the impact goes beyond mere monetary compensation. The company’s reputation takes a hit, clients back out and there’s a huge opportunity cost while security experts try to get systems back online. “We expect to incur certain legal, consulting and other costs associated with the investigation, service restoration and remediation of the breach,” explained McLoughlin.
It’s going to take till the end of the month for Cognizant to completely get its systems back online and fully functional, according to Humphries.
The ripple effects of a ransomware attack
Cognizant isn’t the only company to get hit by Maze ransomware. The malicious software has been blamed for extorting a number of large organisations in the past year. However, the attack on Cognizant is likely the most prolific till date. “Unlike its predecessors, the group behind Maze ransomware delivered on its promises in late 2019 — more than once,” said global cybersecurity company Kaspersky.
For instance, in November, when Allied Universal refused to pay up, the criminals leaked 700MB of internal data online including contracts, termination agreements, digital certificates, and more. The blackmailers said they had published just 10% of what they had stolen and threatened to make the rest available publicly if the target did not cooperate.
For an IT services company like Cognizant, there’s a ripple effect that goes beyond simply paying the ransom. In addition to locking the company’s files behind a bitcoin paywall — sensitive information was stolen like targets for mergers and acquisitions, profit and loss reports, as well as medical records.
“Ransomware attacks often rely on victims making a few basic mistakes that are often quite uncomfortable to confront,” explains Paul Ducklin, the Principal Research Scientist at Sophos. And, as is the case with most blackmail, paying the blackmailers doesn’t necessarily ensure that information won’t be leaked.
All you have is a pinky promise from a bad-faith actor that they will keep their word — and Cognizant’s clients seemed to be aware of this little complication. “Some clients opted to suspend access to their networks. Billing was therefore impacted for a period of time, yet the cost of staffing projects remained on our books,” said Humphries.
The approach that hackers take is called ‘steal, lock and inform’ because they understand the impact this will have on the company’s reputation. “The attack encrypted some of the internal systems, effectively defaming them and we proactively took other systems offline,” added Humphries.
There’s no reset button, there’s no way to get the information back and it takes time to determine how much data has been lost since attackers erase any directories or back-ups a company may have in place. “Backing up data is just a hygiene step that needs to be taken by every data storing facility mandatorily, however it is not enough,” said Saurabh Sharma, a Senior Security Researcher for Kaspersky.
See also:
Cognizant CEO Brian Humphries warns of a tough 2020— plans to hire 20,000 freshers this year
Hyundai rolls out 200 vehicles from Chennai plant on first day of resuming operations
Punjab board to promote class 10 students without final exams due to Covid-19 crisis