Updated IoCs on August 26, 2020, 1:45 AM and 2:25 AM EST.
IT managed services firm Cognizant suffered a ransomware attack purportedly conducted by threat actors behind Maze ransomware, according to a report by BleepingComputer.
The company has emailed its clients about the attack. The email advisory included a preliminary list of indicators of compromise (IoCs) identified through its investigation, which customers can refer to when monitoring and securing their systems. The list of IoCs includes IP addresses and file hashes, which have been linked to previous Maze attacks.
Besides encrypting data, Maze ransomware operators are also notorious for releasing stolen data to the public. The ransomware also employs various methods to infect victims, including spam campaigns, fake cryptocurrency sites, and exploit kits.
Cognizant is a multinational company based in the U.S. that provides services to other companies, including those that fall under IT, digital, operations, and consulting.
Defense against ransomware
Ransomware can potentially affect not just the enterprise itself, but its customers as well. An attack against a company that offers IT services highlights the importance of securing the software supply chain.
Below are some best practices users can perform to mitigate risks associated with ransomware:
- Back up files using the 3-2-1 rule. This precautionary measure avoids data loss in case of a ransomware attack. It involves creating three backups in two different formats and storing one copy offsite.
- Be vigilant against socially-engineered emails. This reduces the chances of infection, as many ransomware types are propagated as spam attachments.
- Patch and update applications and programs. This ensures that vulnerabilities which can be used as entry points for ransomware can be fixed as soon as possible.
- Enable firewalls and intrusion prevention. This blocks malicious network activities, which may have been caused by ransomware.
- Deploy application control and behavior monitoring. This detects suspicious activities and prevents malicious programs such as ransomware from making unauthorized changes in the system.
- Utilize sandbox analysis. This enables monitoring minus the risk of compromise, as malicious files can be executed in an isolated environment.
As added protection against ransomware, the following Trend Micro Solutions are recommended:
Indicators of Compromise
||Trend Micro Pattern Detection