
Business process outsourcing firm Conduent said its European operations were hit with ransomware last week, which two security companies said has led to the leak of internal company documents on to the web.
Ransomware busters Emsisoft, as well as the threat intelligence firm Bad Packets, said Conduent appears to have been struck by Maze ransomware. Maze is the same brand of ransomware that hit Cognizant in April during in a high profile attack that locked some employees out of the company’s email systems, just as Cognizant was moving employees to remote work.
In the Conduent attack, Maze hackers appear to have published two zip files which New Zealand-based Emsisoft security analyst Brett Callow said contain documents related to the company’s work in Germany. The files were released Wednesday on a site that publicizes Maze attacks.
“I see a file for Vodafone Deutschland,” he told CRN. “These groups typically start by posting the older and less sensitive data served if they were to post the Crown Jewels so to speak, the company would have less incentive to pay for the remaining data being published.”
Conduent released a statement today confirming the attack happened on May 29. The statement said it lasted about nine hours before its systems were back online.
“Conduent's European operations experienced a service interruption on Friday, May 29, 2020, the statement reads. “Our system identified ransomware, which was then addressed by our cybersecurity protocols. This interruption began at 12.45 AM CET on May 29th with systems mostly back in production again by 10.00 AM CET that morning, and all systems have since then been restored. This resulted in a partial interruption to the services that we provide to some clients. As our investigation continues, we have on-going internal and external security forensics and anti-virus teams reviewing and monitoring our European infrastructure.”
[RELATED: Cognizant Breach: 10 Things To Know About Maze Ransomware Attacks]
Conduent did not respond to a question about whether any documents were taken, or whether any data was stolen from its governmental customers. Conduent runs automated toll systems in several states, an operation that has come under fire from lawmakers.
Conduent was created after Xerox spun off its business process outsourcing business in 2016. It started trading in December 2016 at $14.60 a share. Its stock price reached a high of $23.27 in September 2018. Conduent shares closed at $2.66 yesterday.
Cybersecurity research firm Bad Packet posted a tweet yesterday that suggested one of Conduent’s Citrix servers was vulnerable to a specific threat for eight weeks between December 17 and Feb. 14. The company also tweeted screenshots that confirm what Callow stated were document’s related to Conduent’s business with Vodafone. The document appears to be an invoice and is titled “Rechnung,” which is the German word for “bill.” It is dated March 2018.
Conduent did not respond to a CRN email that asked the company about Bad Packet’s research.
Cognizant’s attack is expected to hit the company’s bottom line, as mitigation costs are likely to spiral to between $50 and $70 million, the company told investors during an earnings call in early May. The company also may spend money on legal costs, consultants and other costs related to its ongoing investigation into the attack.
“While we have restored the majority of our services and we are moving quickly to complete the investigation, it is likely that costs related to the ransomware attack will continue to negatively impact our financial results beyond Q2,” said Cognizant CFO Karen McLoughlin.
The attack on Cognizant came a year after massive solution provider Wipro was hit by cybercriminals who seeded ransomware through a number of its customers.
related stories
Video
trending stories
sponsored resources

OutSystems
Modern Application Development 360

Symantec
Symantec Business Security Learning Center

HP Amplify™ - A Simplified Global Program for the Customer-Driven Digital Age
HP Inc.

Dell Technologies
Dell Technologies Cloud Learning Center

NPD
Industry Trends 360

EPOS
EPOS

Smart 3rd Party
3rd Party Maintenance 360

Products of the Year Showcase

Cysurance
Cyber Insurance 360

Dell Technologies
Dell Technologies Storage Learning Center

BlackBerry
BlackBerry Learning Center

Spectrum Partner Program
Spectrum Partner Program

ADT
Network Security 360

Dell Technologies
Dell Technologies Server Learning Center

WatchGuard
WatchGuard

APC by Schneider Electric
IoT Platforms 360

Tenable
Cyber Risk 360

Dell Technologies
Dell Technologies Hybrid Cloud Learning Center

StorageCraft
Disaster Recovery Learning Center

Wasabi
Wasabi

Webroot
Webroot Learning Center

HubStor
Cloud Backup 360
